frankurb Posted October 12, 2010 ID:326369

Hello.

My Windows XP system doesn't work properly anymore. I can only start Windows in Safe Mode. Before this I noticed that I couldn't access www.malwarebytes.org, and if I launch Malwarebytes nothing happens.

Here is the log file generated by HijackThis. I tried to run the Avira Rescue System CD, but it doesn't solve the problem. Can anyone please help me?

hijackthis.log

kahdah Posted October 12, 2010 ID:326447

Hello frankurb

Welcome to Malwarebytes.

=====================

Download OTL to your desktop.

Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, Files, and Code Hooks.
Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait till the scanner has finished, then go File > Save Report.
Save the report somewhere you can find it, typically your desktop. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

frankurb Posted October 12, 2010 Author ID:326470

I've just done what you say. With OTL it's OK; I paste here the two output files OTL.txt and Extras.txt.

When trying to run RKUnhookerLE.exe I immediately get the following error message, "Error loading/opening driver", and the program exits.

Thank you for your help and excuse me for my imperfect English.
C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)O18 - Protocol\Handler\res 
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe 
(Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (Pagina iniziale corrente) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - 
[2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]O32 - AutoRun File - [2002/09/10 18.02.32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]O32 - AutoRun File - [2002/09/10 18.02.32 | 000,000,045 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]O33 - MountPoints2\##192.168.1.3#E\Shell - "" = AutoRunO33 - MountPoints2\##192.168.1.3#E\Shell\AutoRun\command - "" = R:\STRun.EXE -- File not foundO33 - MountPoints2\##Newnotebookhp#E\Shell - "" = AutoRunO33 - MountPoints2\##Newnotebookhp#E\Shell\AutoRun\command - "" = R:\STRun.EXE -- File not foundO33 - MountPoints2\##Pavilion#G#mathema\Shell - "" = AutoRunO33 - MountPoints2\##Pavilion#G#mathema\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2004/08/20 00.39.44 | 000,023,040 | ---- | M] (Microsoft Corporation)O33 - MountPoints2\{7d7da1ce-785a-11de-8224-000ea61f514d}\Shell - "" = AutoRunO33 - MountPoints2\{7d7da1ce-785a-11de-8224-000ea61f514d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not foundO33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 12.54.58 | 000,040,960 | -HS- | M] (XSS)O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Info.exe -- [2002/09/10 12.54.58 | 000,040,960 | -HS- | M] (XSS)O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*NetSvcs: 6to4 - File not foundNetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not foundNetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: 
Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)NetSvcs: WmdmPmSp - File not found========== Files/Folders - Created Within 30 Days ==========[2010/10/12 09.29.37 | 000,827,392 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX[2010/10/12 09.29.37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache[2010/10/11 22.24.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\My Backups[2010/10/11 22.22.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft[2010/10/11 22.05.27 | 000,000,000 | ---D | C] -- C:\Programmi\Genie-Soft[2010/10/11 21.51.40 | 000,000,000 | ---D | C] -- C:\Programmi\Outlook Express Backup Wizard[2010/10/11 15.37.08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/10/11 15.37.03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/10/11 15.37.03 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware[2010/10/10 20.11.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss[2010/10/10 20.06.36 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro[2010/10/10 20.02.10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe[2010/10/10 19.58.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\TestOfficePro[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Programmi\SunRav TestOfficePro 5[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\My Tests[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\Groups[2010/10/10 19.22.00 | 000,000,000 | ---D | C] -- 
C:\Programmi\Test Generator[2010/10/09 18.46.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Danware Data[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Netop[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data[2010/10/09 18.38.45 | 000,104,192 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT1.SYS[2010/10/09 18.38.45 | 000,010,456 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT3.SYS[2010/10/09 18.38.45 | 000,009,784 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\NHOSTNT4.DLL[2010/10/09 18.38.15 | 000,000,000 | ---D | C] -- C:\Programmi\Netop[2010/09/16 18.43.41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr[2010/09/16 18.43.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software[2010/09/14 23.02.49 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2003/05/29 03.26.48 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/10/12 16.35.28 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk[2010/10/12 16.24.43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat[2010/10/12 09.34.01 | 000,000,604 | ---- | M] () -- C:\WINDOWS\WS_FTP.INI[2010/10/12 09.29.37 | 000,827,392 | ---- | M] (Macromedia, Inc.) 
-- C:\WINDOWS\System32\FLASH.OCX[2010/10/11 22.05.01 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk[2010/10/11 15.45.42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Easy OutLook Express Backup.lnk[2010/10/11 15.37.10 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/10/11 15.14.21 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job[2010/10/11 15.14.19 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT[2010/10/11 15.14.06 | 000,001,162 | ---- | M] () -- C:\WINDOWS\PICPRTR.DEB[2010/10/11 15.14.02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-127236828-1838644864-3023097073-1003.job[2010/10/11 15.13.43 | 000,000,126 | ---- | M] () -- C:\WINDOWS\PICSERV.DEB[2010/10/11 09.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job[2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini[2010/10/10 20.06.13 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi[2010/10/10 20.03.36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe[2010/10/10 19.54.33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-127236828-1838644864-3023097073-1003.job[2010/10/10 19.43.44 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb[2010/10/10 19.42.20 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb[2010/10/09 19.37.00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Netop.INI[2010/10/06 18.49.01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/10/04 22.06.07 | 000,000,276 | ---- | M] () -- 
C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010/10/04 19.24.44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc[2010/10/04 09.54.56 | 000,546,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc[2010/10/04 07.36.09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/09/25 16.22.14 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc[2010/09/16 18.44.08 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk[2010/09/16 18.44.05 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT[2010/09/14 18.04.12 | 000,005,450 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\domandeIntellicigItalia.rtf[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files Created - No Company Name ==========[2010/10/11 21.51.40 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk[2010/10/11 15.37.10 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/10/11 08.13.09 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk[2010/10/11 08.13.09 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk[2010/10/11 08.13.09 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK[2010/10/11 08.13.09 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk[2010/10/10 20.06.36 | 000,001,713 | ---- | C] () -- C:\Documents and 
Settings\Proprietario\Desktop\HiJackThis.lnk[2010/10/10 20.05.53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi[2010/10/10 19.43.17 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb[2010/10/10 19.34.34 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb[2010/10/09 18.38.53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\Netop.INI[2010/10/04 18.20.10 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc[2010/10/04 09.43.03 | 000,546,816 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc[2010/09/25 16.22.13 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc[2010/09/16 18.44.08 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk[2010/09/14 17.48.52 | 000,005,450 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\domandeIntellicigItalia.rtf[2010/07/13 17.01.34 | 000,012,979 | ---- | C] () -- C:\WINDOWS\winsight.ini[2010/02/17 18.14.35 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2010/01/27 18.56.13 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini[2009/11/21 17.56.07 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\cvf.ini[2009/11/16 18.33.38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll[2009/10/18 22.18.52 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll[2009/10/18 22.07.05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll[2009/10/18 17.29.45 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll[2009/10/01 20.32.23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI[2009/09/11 18.08.00 | 000,000,358 | ---- | C] () -- C:\WINDOWS\PDvr4TWNViewer.INI[2009/07/21 11.58.27 
| 000,019,968 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/07/21 11.46.51 | 000,000,604 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI[2009/07/20 17.36.58 | 000,007,531 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThruOptions.xml[2009/07/20 17.36.42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll[2009/07/20 17.36.32 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Readiris.ini[2009/07/20 17.36.30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll[2009/07/20 17.33.49 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll[2009/07/20 17.33.49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll[2009/07/20 17.33.49 | 000,053,315 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll[2009/07/20 17.33.49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll[2009/07/20 10.52.28 | 000,000,644 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2009/07/12 17.54.21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SVPROUX.DLL[2009/07/12 17.54.21 | 000,000,093 | ---- | C] () -- C:\WINDOWS\SVPROU.INI[2009/07/12 17.54.10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\FAX1.INI[2009/07/12 09.48.11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll[2009/07/12 09.48.10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll[2009/07/12 09.47.31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll[2009/07/12 09.47.31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\windevx.dll[2009/07/12 09.47.31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflb0.dll[2009/07/12 03.44.51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys[2009/07/11 20.50.00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2009/07/11 20.49.03 | 000,001,746 | ---- | C] () -- C:\WINDOWS\ATICIM.INI[2009/06/07 13.27.20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll[2006/11/02 
10.27.46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI[2003/09/23 02.23.12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini[2003/09/21 16.45.36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL35.dll[2003/05/29 03.26.48 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll[2003/05/29 03.26.48 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll[2003/01/02 06.31.46 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini[2003/01/02 00.56.07 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\fusioncache.dat[2003/01/02 00.54.21 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll[2003/01/02 00.41.51 | 000,026,845 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS[2003/01/02 00.41.33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll[2003/01/02 00.41.01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll[2003/01/02 00.12.00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2003/01/02 00.11.33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll[2003/01/01 23.51.03 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log[2003/01/01 23.42.45 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini[2003/01/01 23.08.11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll[2003/01/01 23.08.11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll[2003/01/01 23.07.55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll[2003/01/01 22.44.32 | 000,000,949 | ---- | C] () -- C:\WINDOWS\orun32.ini[2003/01/01 22.35.17 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2003/01/01 20.00.04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini[2003/01/01 20.00.04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini[1996/02/01 19.25.42 | 000,943,616 | ---- | C] () -- 
C:\WINDOWS\System32\dfolder.dll========== LOP Check ==========[2010/09/16 18.43.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software[2010/10/09 19.28.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data[2003/01/02 00.35.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo[2010/10/09 18.39.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop[2010/06/22 14.53.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SolarWinds[2009/09/16 19.24.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\DisplayTune[2010/10/11 22.22.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft[2009/10/18 22.06.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\InterTrust[2009/09/16 09.40.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\InterVideo[2010/07/01 19.22.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\iPodder[2009/07/30 11.50.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\LaCie[2009/08/02 21.06.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Leadertech[2010/10/09 18.39.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop[2003/01/02 01.02.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SampleView[2010/03/19 20.57.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmartDraw[2009/07/20 17.36.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThru4[2010/05/20 20.03.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati 
applicazioni\TeamViewer[2010/10/10 19.58.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro[2010/10/11 09.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job[2010/10/11 15.14.21 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2003/01/01 22.41.29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT[2009/07/12 09.48.16 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log[2009/07/11 20.38.51 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK[2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini[2003/09/23 14.47.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin[2010/04/20 19.18.49 | 000,019,968 | ---- | M] () -- C:\checklist.doc[2003/09/22 20.48.00 | 000,246,960 | RHS- | M] () -- C:\cmldr[2003/01/01 22.41.29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS[2003/01/01 22.41.29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2010/07/02 17.36.42 | 000,000,122 | ---- | M] () -- C:\mbam-error.txt[2003/01/01 22.41.29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2009/07/12 11.01.04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM[2009/07/12 11.01.04 | 000,251,072 | RHS- | M] () -- C:\ntldr[2010/08/10 22.04.13 | 000,000,020 | -HS- | M] () -- C:\ntuser.ini[2010/01/28 17.53.41 | 000,304,160 | ---- | M] () -- C:\PA207.DAT[2010/10/12 16.24.35 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys[2009/09/16 19.23.44 | 000,000,173 | ---- | M] () -- C:\pdisdk.log[2010/10/12 16.34.56 | 000,000,580 | ---- | M] () -- C:\Win32.Worm.Downladup.Gen.log< %systemroot%\system32\*.dll /lockedfiles >[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]< %systemroot%\Tasks\*.job /lockedfiles >< %systemroot%\system32\drivers\*.sys /90 >[2010/09/07 16.46.51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys[2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) -- 
C:\WINDOWS\system32\drivers\aswFsBlk.sys[2010/09/07 16.47.16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys[2010/09/07 16.47.19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys[2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys[2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys[2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys[2010/08/04 09.51.00 | 000,104,192 | ---- | M] (Netop Business Solutions A/S) -- C:\WINDOWS\system32\drivers\NHOSTNT1.SYS[2010/08/04 09.51.00 | 000,010,456 | ---- | M] (Netop Business Solutions A/S) -- C:\WINDOWS\system32\drivers\NHOSTNT3.SYS< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2008/07/06 14.06.10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll< End of report >OTL Extras logfile created on: 12/10/2010 20.01.14 - Run 1OTL by OldTimer - Version 3.2.15.1 Folder = \\Newnotebookhp\Documenti\software\antivirusWindows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy511,00 Mb Total Physical Memory | 201,00 Mb Available Physical Memory | 39,00% Memory free1,00 Gb Paging File | 1,00 Gb Available in Paging File | 87,00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\ProgrammiDrive C: | 72,47 Gb Total Space | 47,79 Gb Free Space | 65,94% Space Free | Partition Type: NTFSDrive D: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,80% Space Free | Partition Type: FAT32Drive G: | 293,88 Gb Total Space | 219,85 Gb Free Space | 74,81% Space Free | Partition Type: NTFSDrive H: | 4,20 Gb Total Space | 
0,58 Gb Free Space | 13,75% Space Free | Partition Type: FAT32Computer Name: PAVILION | User Name: Proprietario | Logged in as Administrator.Boot Mode: SafeMode with Networking | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)htmlfile [print] -- "C:\Programmi\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 
445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"5900:TCP" = 5900:TCP:*:Enabled:TightVnc Porta Tcp========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)"C:\Programmi\Netop\Netop School\Teacher\ntchw32.exe" = C:\Programmi\Netop\Netop School\Teacher\ntchw32.exe:*:Enabled:NetOp Teacher -- (Netop Business Solutions A/S)"C:\Programmi\Netop\Netop School\Student\nstdw32.exe" = C:\Programmi\Netop\Netop School\Student\nstdw32.exe:*:Enabled:NetOp Student -- (Netop Business Solutions A/S)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"G:\software\FTP\ws_ftp95.exe" = 
G:\software\FTP\ws_ftp95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)"E:\Windows\IPConfigurator.exe" = E:\Windows\IPConfigurator.exe:*:Enabled:IPConfigurator -- File not found"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Programma di trasferimento file (FTP) -- (Microsoft Corporation)"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found"C:\Programmi\yWorks\yEd\yEd.exe" = C:\Programmi\yWorks\yEd\yEd.exe:*:Enabled:yEd Graph Editor -- (yWorks GmbH)"C:\Programmi\Hand-Crafted Software\FreeProxy\FreeProxy.exe" = C:\Programmi\Hand-Crafted Software\FreeProxy\FreeProxy.exe:*:Enabled:FreeProxy -- ()"C:\Programmi\TeamViewer\Version5\TeamViewer.exe" = C:\Programmi\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)"C:\Programmi\DsNET Corp\aTube Catcher 2.0\yct.exe" = C:\Programmi\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos. 
-- (DsNET)"C:\Programmi\Real\RealPlayer\realplay.exe" = C:\Programmi\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)"C:\WINDOWS\system32\SKADDEMO.scr" = C:\WINDOWS\system32\SKADDEMO.scr:*:Enabled:SKADDEMO -- File not found"C:\Programmi\Skype\Plugin Manager\skypePM.exe" = C:\Programmi\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)"C:\Programmi\Netop\Netop School\Teacher\ntchw32.exe" = C:\Programmi\Netop\Netop School\Teacher\ntchw32.exe:*:Enabled:NetOp Teacher -- (Netop Business Solutions A/S)"C:\Programmi\Netop\Netop School\Student\nstdw32.exe" = C:\Programmi\Netop\Netop School\Student\nstdw32.exe:*:Enabled:NetOp Student -- (Netop Business Solutions A/S)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00000008-9FF0-11DF-8612-0417A1A01290}" = Netop School Teacher"{00000028-9FF0-11DF-8612-0417A1A01290}" = Netop School Student"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 
2.0"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java SE Development Kit 6 Update 16"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform"{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare"{77823744-1D1C-446C-A9D9-A5D374FBDDE3}_is1" = SunRav TestOfficePro 5"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver"{90280410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con 
FrontPage"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects"{AC76BA86-7AD7-1040-7B44-A93000000001}" = Adobe Reader 9.3.4 - Italiano"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware"{C35A5AD9-1271-4A73-B886-6F81F9A67883}" = SolarWinds IP Address Tracker"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
kahdah Posted October 12, 2010 ID:326574
Are you trying to run it from a network location? If so, you need to have it run directly from the computer. Please try to place it on the desktop and try it once more. If it still will not run then let me know.
frankurb Posted October 13, 2010 Author ID:326875
I ran Rootkit Unhooker on the local infected computer with Windows XP in safe mode and I always had the error message. Now I tried to run it in normal mode and it runs regularly. However, in the meantime I also read in Important Topics the topic: "Procedures to help resolve issues preventing MBAM from running". I followed the first procedure "MBAM won't run(Fix), SystemSecurity" and following this procedure I could make Malwarebytes run, finding and removing four malware items. Now I see the system seems to be running correctly and I can access malwarebytes.org. However, I can run Malwarebytes only if the original "mbam.exe" file is renamed to "winlogon.exe" as suggested in the procedure. If I rename the program as "mbam.exe" it doesn't start. I also tried to download and reinstall the program and update it, but the problem remains. So I suppose there is still something wrong, but Malwarebytes now doesn't find any problem. I repeated the procedures you told me in the preceding answers and I paste the new outputs generated by:
a. Hijackthis
b. OTL (only otl.txt; extras.txt was not generated)
c. Rootkit Unhooker
Thank you again.
Francesco Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20.13.13, on 13/10/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\SVPRO50C\PROGRAM\PICSERV.EXE C:\WINDOWS\System32\svchost.exe C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe C:\Programmi\TightVNC\WinVNC.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\Programmi\TeamViewer\Version5\TeamViewer.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Alwil Software\Avast5\avastUI.exe C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe C:\WINDOWS\System32\WLTRAY.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Java\jre6\bin\jusched.exe C:\SVPRO50C\PROGRAM\PICPRTR.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe C:\WINDOWS\PixArt\PAC207\Monitor.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\ALCXMNTR.EXE C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe C:\Programmi\File comuni\Portrait Displays\Shared\HookManager.exe C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wuauclt.exe 
C:\WINDOWS\system32\cmd.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Mozilla Firefox\plugin-container.exe C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe C:\Programmi\Skype\Toolbars\Shared\SkypeNames2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe O4 - HKLM\..\Run: [updateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\PICPRTR.EXE O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe -startup_folder O4 - 
HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - Startup: SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll O10 - Unknown file in Winsock 
LSP: c:\windows\system32\nlsp.dll O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B563E52A-1B75-47E5-B3B5-AE56F4478347}: NameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{CADB1EF0-DFCF-452E-B6A3-9340AB05C9E4}: NameServer = 192.168.1.254 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: NetOp Helper ver. 9.51 (2010216) (NetOp Host for NT Service) - Netop Business Solutions A/S - C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pacific Image Comm. 
Fax Server - Unknown owner - C:\SVPRO50C\PROGRAM\PICSERV.EXE O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programmi\TightVNC\WinVNC.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 10194 bytes OTL logfile created on: 13/10/2010 20.47.45 - Run 3 OTL by OldTimer - Version 3.2.15.2 Folder = G:\software\antiVirus Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 511,00 Mb Total Physical Memory | 110,00 Mb Available Physical Memory | 22,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi Drive C: | 72,47 Gb Total Space | 47,13 Gb Free Space | 65,02% Space Free | Partition Type: NTFS Drive D: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,80% Space Free | Partition Type: FAT32 Drive G: | 293,88 Gb Total Space | 219,85 Gb Free Space | 74,81% Space Free | Partition Type: NTFS Drive H: | 4,20 Gb Total Space | 0,58 Gb Free Space | 13,75% Space Free | Partition Type: FAT32 Drive M: | 293,88 Gb Total Space | 219,85 Gb Free Space | 74,81% Space Free | Partition Type: NTFS Drive Q: | 72,47 Gb Total Space | 47,13 Gb Free Space | 65,02% Space Free | Partition Type: NTFS Drive Z: | 72,47 Gb Total Space | 47,13 Gb Free Space | 65,02% Space Free | Partition Type: NTFS Computer Name: PAVILION | User Name: Proprietario | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\software\antiVirus\OTL.exe (OldTimer Tools) PRC - C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) PRC - C:\Programmi\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programmi\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE (Netop Business Solutions A/S) PRC - C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programmi\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) PRC - C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group) PRC - C:\Programmi\Portrait Displays\HP My Display\dthtml.exe (Portrait Displays, Inc) PRC - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe () PRC - C:\Programmi\File comuni\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.) PRC - C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) PRC - C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe () PRC - C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing LP) PRC - C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe (FinePrint Software, LLC) PRC - C:\Programmi\HP\Digital Imaging\Unload\HpqCmon.exe () PRC - C:\SVPRO50C\PROGRAM\picserv.exe () PRC - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) 
PRC - C:\SVPRO50C\PROGRAM\picprtr.exe () ========== Modules (SafeList) ========== MOD - G:\software\antiVirus\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (avast! Web Scanner) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (NetOp Host for NT Service) NetOp Helper ver. 9.51 (2010216) -- C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE (Netop Business Solutions A/S) SRV - (TeamViewer5) -- C:\Programmi\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (winvnc) -- C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group) SRV - (DTSRVC) -- C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe () SRV - (Pacific Image Comm. Fax Server) -- C:\SVPRO50C\PROGRAM\picserv.exe () ========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (NHostNT1) NetOp Driver 1 ver. 
9.51 (2010216) -- C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS (Netop Business Solutions A/S) DRV - (NHOSTNT3) NetOp Driver 3 ver. 9.51 (2010216) (NHOSTNT3) -- C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS (Netop Business Solutions A/S) DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (ivusb) -- C:\WINDOWS\system32\drivers\ivusb.sys (Initio Corporation) DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (NdisWDM) -- C:\WINDOWS\system32\drivers\NdisWDM.sys (Broadcom Corporation) DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.) DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (DeviceGuys, Inc.) DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) 
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation) DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation) DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.ilmeteo.it/meteo/Barcellona+Pozzo+di+Gotto|http://www.tempoitalia.it/meteo/barcellona_pozzo_di_gotto" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=it_IT&apn_uid=91D6447C-EF1A-401E-8493-9D1D345CC239&apn_ptnrs=Q6&apn_sauid=8F2488AA-8FD3-46C7-ACF0-E1033270C125&apn_dtid=YYYYYYYYIT&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2009/10/02 10.15.31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/06/26 09.39.48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/26 11.39.33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/09/17 15.45.06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/09/17 15.45.06 | 000,000,000 | ---D | M] 
[2009/07/20 11.00.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions [2009/07/20 11.00.23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/10/13 19.29.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\extensions [2010/06/26 11.03.30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/10/13 19.29.56 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions [2010/09/17 15.45.06 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/09/03 09.41.03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009/10/02 10.15.46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010/09/17 15.44.56 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll [2010/09/17 15.44.56 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll [2009/10/02 10.15.29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll [2010/09/17 15.44.59 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll [2010/08/13 07.03.40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppdf32.dll [2010/06/26 11.39.14 | 000,140,864 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll [2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll [2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll [2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll [2009/07/20 23.03.33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll [2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll [2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll [2009/07/20 23.03.34 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll [2010/06/26 11.39.44 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll [2010/06/26 11.39.06 | 000,098,304 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll [2010/07/29 12.04.41 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml [2010/07/29 12.04.41 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml [2010/07/29 12.04.41 | 000,002,371 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml [2010/07/29 12.04.41 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml [2010/07/29 12.04.41 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml [2010/07/29 12.04.41 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml O1 HOSTS File: ([2010/06/20 17.27.29 | 000,000,793 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Vista HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\HpqCmon.exe () O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) O4 - HKLM..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe (FinePrint Software, LLC) O4 - HKLM..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\picprtr.exe () O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (U.S. 
Robotics Corporation) O4 - HKLM..\Run: [VTTimer] File not found O4 - HKLM..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe () O4 - HKLM..\Run: [WinVNC] C:\Programmi\TightVNC\WinVNC.exe (TightVNC Group) O4 - HKCU..\Run: [Acme.PCHButton] C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [CTSyncU.exe] C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation) O4 - HKCU..\Run: [RecordNow!] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing LP) O4 - Startup: C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\nlsp.dll (Netop Business Solutions A/S) O12 - Plugin for: .spop - C:\Programmi\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) 
O15 - HKCU\..Trusted Domains: ([]msn in Risorse del computer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - 
C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss 
{0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - 
C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) 
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - 
C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2002/09/10 18.02.32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2002/09/10 18.02.32 | 000,000,045 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2006/12/04 20.37.12 | 000,000,043 | ---- | M] () - M:\autorun.inf -- [ NTFS ] O33 - MountPoints2\##192.168.1.3#E\Shell - "" = AutoRun O33 - MountPoints2\##192.168.1.3#E\Shell\AutoRun\command - "" = R:\STRun.EXE -- File not found O33 - MountPoints2\##Newnotebookhp#E\Shell - "" = AutoRun O33 - MountPoints2\##Newnotebookhp#E\Shell\AutoRun\command - "" = R:\STRun.EXE -- File not found O33 - MountPoints2\##Pavilion#G#mathema\Shell - "" = AutoRun O33 - MountPoints2\##Pavilion#G#mathema\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2004/08/20 00.39.44 | 000,023,040 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{7d7da1ce-785a-11de-8224-000ea61f514d}\Shell - "" = AutoRun O33 - MountPoints2\{7d7da1ce-785a-11de-8224-000ea61f514d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - 
MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 12.54.58 | 000,040,960 | -HS- | M] (XSS) O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Info.exe -- [2002/09/10 12.54.58 | 000,040,960 | -HS- | M] (XSS) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2010/10/12 09.29.37 | 000,827,392 | ---- | C] (Macromedia, Inc.) 
-- C:\WINDOWS\System32\FLASH.OCX [2010/10/12 09.29.37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2010/10/11 22.24.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\My Backups [2010/10/11 22.22.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft [2010/10/11 22.05.27 | 000,000,000 | ---D | C] -- C:\Programmi\Genie-Soft [2010/10/11 21.51.40 | 000,000,000 | ---D | C] -- C:\Programmi\Outlook Express Backup Wizard [2010/10/11 15.37.08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/10/11 15.37.03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/10/11 15.37.03 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware [2010/10/10 20.11.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/10/10 20.06.36 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro [2010/10/10 20.02.10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe [2010/10/10 19.58.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro [2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\TestOfficePro [2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Programmi\SunRav TestOfficePro 5 [2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\My Tests [2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\Groups [2010/10/10 19.22.00 | 000,000,000 | ---D | C] -- C:\Programmi\Test Generator [2010/10/09 18.46.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Danware Data [2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Netop [2010/10/09 
18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop [2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop [2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data [2010/10/09 18.38.45 | 000,104,192 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT1.SYS [2010/10/09 18.38.45 | 000,010,456 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT3.SYS [2010/10/09 18.38.45 | 000,009,784 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\NHOSTNT4.DLL [2010/10/09 18.38.15 | 000,000,000 | ---D | C] -- C:\Programmi\Netop [2010/09/16 18.43.41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2010/09/16 18.43.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software [2010/09/14 23.02.49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2003/05/29 03.26.48 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/10/13 20.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010/10/13 19.55.35 | 000,023,522 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\helpMalwareBytes.rtf [2010/10/13 19.45.13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/13 19.14.04 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job [2010/10/13 19.13.50 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2010/10/13 19.13.49 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-127236828-1838644864-3023097073-1003.job [2010/10/13 19.13.48 | 000,007,751 | 
---- | M] () -- C:\WINDOWS\PICPRTR.DEB [2010/10/13 19.13.39 | 000,000,126 | ---- | M] () -- C:\WINDOWS\PICSERV.DEB [2010/10/13 19.13.19 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/13 19.13.16 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys [2010/10/12 20.07.02 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\RKUnhookerLE.EXE [2010/10/12 16.35.28 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk [2010/10/12 09.34.01 | 000,000,604 | ---- | M] () -- C:\WINDOWS\WS_FTP.INI [2010/10/12 09.29.37 | 000,827,392 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX [2010/10/11 22.05.01 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk [2010/10/11 15.45.42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Easy OutLook Express Backup.lnk [2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini [2010/10/10 20.06.13 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi [2010/10/10 20.03.36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe [2010/10/10 19.54.33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-127236828-1838644864-3023097073-1003.job [2010/10/10 19.43.44 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb [2010/10/10 19.42.20 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb [2010/10/09 19.37.00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Netop.INI [2010/10/06 18.49.01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/04 22.06.07 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
[2010/10/04 19.24.44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc [2010/10/04 09.54.56 | 000,546,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc [2010/10/04 07.36.09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/09/25 16.22.14 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc [2010/09/16 18.44.08 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk [2010/09/16 18.44.05 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/09/14 18.04.12 | 000,005,450 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\domandeIntellicigItalia.rtf [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/13 19.55.35 | 000,023,522 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\helpMalwareBytes.rtf [2010/10/13 17.44.16 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys [2010/10/12 20.08.32 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\RKUnhookerLE.EXE [2010/10/11 21.51.40 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk [2010/10/11 15.37.10 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/11 08.13.09 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk [2010/10/11 08.13.09 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk [2010/10/11 08.13.09 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Proprietario\Menu 
Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK [2010/10/11 08.13.09 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk [2010/10/10 20.06.36 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk [2010/10/10 20.05.53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi [2010/10/10 19.43.17 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb [2010/10/10 19.34.34 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb [2010/10/09 18.38.53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\Netop.INI [2010/10/04 18.20.10 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc [2010/10/04 09.43.03 | 000,546,816 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc [2010/09/25 16.22.13 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc [2010/09/16 18.44.08 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! 
Free Antivirus.lnk [2010/09/14 17.48.52 | 000,005,450 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\domandeIntellicigItalia.rtf [2010/07/13 17.01.34 | 000,012,979 | ---- | C] () -- C:\WINDOWS\winsight.ini [2010/02/17 18.14.35 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010/01/27 18.56.13 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini [2009/11/21 17.56.07 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\cvf.ini [2009/11/16 18.33.38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009/10/18 22.18.52 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll [2009/10/18 22.07.05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2009/10/18 17.29.45 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009/10/01 20.32.23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/09/11 18.08.00 | 000,000,358 | ---- | C] () -- C:\WINDOWS\PDvr4TWNViewer.INI [2009/07/21 11.58.27 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/21 11.46.51 | 000,000,604 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI [2009/07/20 17.36.58 | 000,007,531 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThruOptions.xml [2009/07/20 17.36.42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll [2009/07/20 17.36.32 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2009/07/20 17.36.30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2009/07/20 17.33.49 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll [2009/07/20 17.33.49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll [2009/07/20 17.33.49 | 000,053,315 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll [2009/07/20 17.33.49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll [2009/07/20 10.52.28 
| 000,000,644 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/07/12 17.54.21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SVPROUX.DLL [2009/07/12 17.54.21 | 000,000,093 | ---- | C] () -- C:\WINDOWS\SVPROU.INI [2009/07/12 17.54.10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\FAX1.INI [2009/07/12 09.48.11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2009/07/12 09.48.10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2009/07/12 09.47.31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll [2009/07/12 09.47.31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\windevx.dll [2009/07/12 09.47.31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflb0.dll [2009/07/12 03.44.51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2009/07/11 20.50.00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/07/11 20.49.03 | 000,001,746 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2009/06/07 13.27.20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll [2006/11/02 10.27.46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI [2003/09/23 02.23.12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2003/09/21 16.45.36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL35.dll [2003/05/29 03.26.48 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll [2003/05/29 03.26.48 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll [2003/01/02 06.31.46 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/01/02 00.56.07 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\fusioncache.dat [2003/01/02 00.54.21 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll [2003/01/02 00.41.51 | 000,026,845 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2003/01/02 00.41.33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll [2003/01/02 00.41.01 | 000,045,056 | 
---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2003/01/02 00.12.00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/01/02 00.11.33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll [2003/01/01 23.51.03 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log [2003/01/01 23.42.45 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/01/01 23.08.11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2003/01/01 23.08.11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2003/01/01 23.07.55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2003/01/01 22.44.32 | 000,000,949 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/01/01 22.35.17 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2003/01/01 20.00.04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini [2003/01/01 20.00.04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini [1996/02/01 19.25.42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll ========== LOP Check ========== [2010/09/16 18.43.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software [2010/10/09 19.28.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data [2003/01/02 00.35.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo [2010/10/09 18.39.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop [2010/06/22 14.53.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SolarWinds [2009/09/16 19.24.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\DisplayTune [2010/10/11 22.22.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft [2009/10/18 22.06.07 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Proprietario\Dati applicazioni\InterTrust [2009/09/16 09.40.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\InterVideo [2010/07/01 19.22.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\iPodder [2009/07/30 11.50.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\LaCie [2009/08/02 21.06.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Leadertech [2010/10/09 18.39.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop [2003/01/02 01.02.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SampleView [2010/03/19 20.57.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmartDraw [2009/07/20 17.36.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThru4 [2010/05/20 20.03.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TeamViewer [2010/10/10 19.58.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro [2010/10/13 20.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2010/10/13 19.14.04 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009/07/12 09.48.16 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log [2009/07/11 20.38.51 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK [2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini [2003/09/23 14.47.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010/04/20 19.18.49 | 000,019,968 | ---- | M] () -- C:\checklist.doc [2003/09/22 20.48.00 | 000,246,960 | RHS- | M] () -- C:\cmldr [2003/01/01 22.41.29 | 
000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/10/13 19.13.16 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys [2003/01/01 22.41.29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/07/02 17.36.42 | 000,000,122 | ---- | M] () -- C:\mbam-error.txt [2003/01/01 22.41.29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009/07/12 11.01.04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009/07/12 11.01.04 | 000,251,072 | RHS- | M] () -- C:\ntldr [2010/08/10 22.04.13 | 000,000,020 | -HS- | M] () -- C:\ntuser.ini [2010/01/28 17.53.41 | 000,304,160 | ---- | M] () -- C:\PA207.DAT [2010/10/13 19.13.15 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys [2009/09/16 19.23.44 | 000,000,173 | ---- | M] () -- C:\pdisdk.log [2010/10/12 16.34.56 | 000,000,580 | ---- | M] () -- C:\Win32.Worm.Downladup.Gen.log < %systemroot%\system32\*.dll /lockedfiles > [8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > [2010/09/07 16.46.51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys [2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010/09/07 16.47.16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys [2010/09/07 16.47.19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys [2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys [2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys [2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys [2010/08/04 09.51.00 | 000,104,192 | ---- | M] (Netop Business Solutions A/S) -- C:\WINDOWS\system32\drivers\NHOSTNT1.SYS [2010/08/04 09.51.00 | 000,010,456 | ---- | M] (Netop Business Solutions A/S) -- C:\WINDOWS\system32\drivers\NHOSTNT3.SYS < 
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 14.06.10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll < End of report > RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 2) Number of processors #1 ============================================== >Drivers ============================================== 0xBF0CA000 C:\WINDOWS\System32\ati3duag.dll 2666496 bytes (ATI Technologies Inc. , ati3duag.dll) 0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2185088 bytes (Microsoft Corporation, Sistema e kernel NT) 0x804D7000 PnpManager 2185088 bytes 0x804D7000 RAW 2185088 bytes 0x804D7000 WMIxWDM 2185088 bytes 0xBF800000 Win32k 1851392 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Driver Win32 multiutente) 0xF729E000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 1585152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver) 0xBF355000 C:\WINDOWS\System32\ativvaxx.dll 1134592 bytes (ATI Technologies Inc. 
, Radeon Video Acceleration Universal Driver) 0xF7468000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 770048 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM)) 0xF8320000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xAD772000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xAD856000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0xAB4F2000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver) 0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver) 0xAABC7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 258048 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module) 0xBF094000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager) 0xF6EB3000 C:\WINDOWS\System32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver) 0xF8450000 ACPI.sys 188416 bytes (Microsoft Corporation, Driver ACPI per NT) 0xAB571000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xF82F3000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0xAD7E1000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xAA2EB000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0xAD82E000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xAD72A000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! 
self protection module) 0xF7444000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xAD707000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver) 0xF7421000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xF7524000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xAD80C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0xAD751000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator) 0x806ED000 ACPI_HAL 131968 bytes 0x806ED000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xF83E9000 fltmgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xF8420000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver FT del disco) 0xF82D8000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xF8408000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xAD8E1000 C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS 98304 bytes (Netop Business Solutions A/S, NetOp Driver 1 and 2) 0xAB6F0000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! 
File System Filter Driver for Windows XP) 0xF83C0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xF7273000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xAB5EB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xF7558000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver della porta parallela) 0xF728A000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xAD8AE000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xF83AD000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xF83D7000 sr.sys 73728 bytes (Microsoft Corporation, Driver filtro file system Ripristino configurazione di sistema) 0xF843F000 pci.sys 69632 bytes (Microsoft Corporation, Enumeratore PCI Plug and Play per NT) 0xF7262000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xF7547000 C:\WINDOWS\System32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Driver della periferica seriale) 0xAB2A2000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xF85FF000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xF855F000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager) 0xAE761000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client) 0xF62D8000 C:\WINDOWS\System32\Drivers\DgiVecp.sys 61440 bytes (DeviceGuys, Inc., Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble 
modes) 0xF7A1F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xAE711000 C:\WINDOWS\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver) 0xF84FF000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver) 0xF856F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Driver del filtro audio Redbook) 0xADDC3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xEFEB0000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xF7A3F000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Driver della porta i8042) 0xF7A2F000 C:\WINDOWS\System32\DRIVERS\NVENET.sys 57344 bytes (NVIDIA Corporation, NVIDIA nForce MCP Networking Driver.) 0xF84BF000 VolSnap.sys 57344 bytes (Microsoft Corporation, Driver copia replicata del volume) 0xF850F000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver) 0xF84DF000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xF858F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xF85AF000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xF851F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter) 0xF7A4F000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 45056 bytes (Microsoft Corporation, Driver di periferica processore) 0xF857F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xF84AF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xF859F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xF7A0F000 
C:\WINDOWS\System32\Drivers\AFS2K.SYS 40960 bytes (Oak Technology Inc., Audio File System) 0xAE975000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver) 0xF85EF000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xF85DF000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xF84CF000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xAE781000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver) 0xF849F000 isapnp.sys 36864 bytes (Microsoft Corporation, Driver bus PNP ISA) 0xF85BF000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xAE965000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xAAAED000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xF84EF000 SISAGPX.sys 36864 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter) 0xAE771000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xAE92D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xF877F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver) 0xF8787000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Driver classe tastiera) 0xF871F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xF8807000 C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 28672 bytes (TeamViewer GmbH, TeamViewerVPN Network Adapter) 0xF879F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xF8737000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter) 0xAE915000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 
bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP) 0xF878F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver Mouse Class) 0xF873F000 nv_agp.sys 24576 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter) 0xAE93D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xEF5F6000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver) 0xAE94D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver) 0xAE935000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xF8727000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xF87F7000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xF872F000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xF87FF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xF87A7000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xF8797000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver) 0xAE68A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0xF8937000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xF51D2000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xF899B000 C:\WINDOWS\System32\DRIVERS\PS2.sys 16384 bytes (Hewlett-Packard Company, PS2 SYS) 0xF7B88000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator) 0xF8927000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! 
File System Access Blocking Driver) 0xF88AF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xAE53E000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xF7B78000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xF39A1000 C:\WINDOWS\System32\DRIVERS\pdiddcci.sys 12288 bytes (Portrait Displays, Inc., Portrait Displays DDC/CI Monitor Device Driver) 0xF8933000 C:\WINDOWS\System32\Drivers\PdiPorts.sys 12288 bytes (Portrait Displays, Inc., PdiPorts Device Driver) 0xF7B84000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell) 0xAEB09000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xAEAFD000 C:\WINDOWS\System32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager) 0xF89A9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xF89A7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xF899F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xF89AB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xF89FB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver) 0xF89AD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xF89F7000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0xF89BF000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xF89A1000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xF8BEF000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 
bytes (Microsoft Corporation, AudStub Driver)
0xAE8C1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8AA4000 C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS 4096 bytes (Netop Business Solutions A/S, NetOp Driver 3)
0xAE8C7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8A67000 pciide.sys 4096 bytes (Microsoft Corporation, Driver bus PCI IDE generico)
!!!!!!!!!!!Hidden driver: 0x82206AEA ?_empty_? 1302 bytes
0x82206EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x821CCF38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF8408000 WARNING: suspicious driver modification [atapi.sys::0x82206AEA]
0xF83AD000 WARNING: Virus alike driver modification [WudfPf.sys], 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Dati applicazioni\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\09YB8DIJ\general;net=ns;u=,ns-28733445_1276882087,1196fdbb4a0fae0,Miscellaneous,;;kw=;tile=3;ord1=103811;sz=12 0x600,160x600;ppos=btf;contx=Miscellaneous;btg=;ord=5495782714300470[2]].js
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B7BC, Type: Inline - RelativeJump 0x804E27BC-->804E2771 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8A0, Type: Inline - PushRet 0x804E28A0-->9BAD7326 [unknown_code_page]
ntoskrnl.exe+0x0000B8B8, Type: Inline - RelativeJump 0x804E28B8-->804E286D [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA94, Type: Inline - RelativeJump 0x804E2A94-->804E2A49 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x805820F6-->AD73FBB2 [aswSP.SYS]
ntoskrnl.exe-->NtCreateSection, Type: Inline - RelativeJump 0x8056469B-->AD73F9D6 [aswSP.SYS]
ntoskrnl.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x805A5972-->AD73FB10 [aswSP.SYS]
ntoskrnl.exe-->ObInsertObject, Type: Inline - RelativeJump 0x80564423-->AD73CFFA [aswSP.SYS]
ntoskrnl.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x805A29A4-->AD73B5D4 [aswSP.SYS]
[1116]explorer.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[1764]AvastUI.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[1884]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C8447ED-->00000000 [unknown_code_page]
[192]alg.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2120]Scan2pc.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2152]WLTRAY.EXE-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2184]realsched.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2292]ctfmon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2304]jusched.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2344]picprtr.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2700]WZQKPICK.EXE-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2708]fppdis1.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2856]Monitor.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2880]kbd.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2896]hpsysdrv.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2904]hphmon05.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2928]dthtml.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[2948]ContentTransferWMDetector.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[296]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C925CBB-->00000000 [firefox.exe]
[3012]HpqCmon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[3068]ALCXMNTR.EXE-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[3340]AdobeARM.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[3692]wuauclt.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[3760]AcroTray.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[3932]plugin-container.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[3932]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x77D64ED6-->00000000 [xul.dll]
[532]ati2evxx.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[560]HookManager.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[616]svchost.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[848]winlogon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[896]services.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[944]hpqtra08.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
[972]CTSyncU.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x719DC29B-->00000000 [unknown_code_page]
kahdah Posted October 13, 2010 ID:326923

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
frankurb Posted October 14, 2010 ID:327232

So the situation is serious. I will follow your suggestion and later I will completely format and reinstall the system. If possible I would prefer to do this later and temporarily I will try to clean the system and use it for one or two weeks more.

I've just disconnected the infected computer from the Internet (disconnecting it from my home router and consequently from my home LAN). I'm using another computer connected (same LAN), which should be uninfected (I've just done a quick scan and a complete scan with Malwarebytes and it didn't find anything). On the infected PC, I ran TDSSKiller (it found and removed a malware) and ComboFix.

I paste the two reports here. Please, I wait for your next suggestion about what to do.

--------------------------------------------------------------------------------------------------------------------
2010/10/14 17:59:36.0046 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/14 17:59:36.0046 ================================================================================
2010/10/14 17:59:36.0046 SystemInfo:
2010/10/14 17:59:36.0046
2010/10/14 17:59:36.0046 OS Version: 5.1.2600 ServicePack: 2.0
2010/10/14 17:59:36.0046 Product type: Workstation
2010/10/14 17:59:36.0046 ComputerName: PAVILION
2010/10/14 17:59:36.0046 UserName: Proprietario
2010/10/14 17:59:36.0046 Windows directory: C:\WINDOWS
2010/10/14 17:59:36.0046 System windows directory: C:\WINDOWS
2010/10/14 17:59:36.0046 Processor architecture: Intel x86
2010/10/14 17:59:36.0046 Number of processors: 1
2010/10/14 17:59:36.0046 Page size: 0x1000
2010/10/14 17:59:36.0046 Boot type: Normal boot
2010/10/14 17:59:36.0046 ================================================================================
2010/10/14 17:59:36.0484 Initialize success
2010/10/14 17:59:48.0875 ================================================================================
2010/10/14 17:59:48.0875 Scan started
2010/10/14 17:59:48.0875
Mode: Manual;
2010/10/14 17:59:48.0875 ================================================================================
2010/10/14 18:00:24.0671 WudfPf (73ef98502bd7677601581abe0f719596) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/14 18:00:24.0671 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\WudfPf.sys.
Real md5: 73ef98502bd7677601581abe0f719596, Fake md5: f15feafffbb3644ccc80c5da584e6311
2010/10/14 18:00:24.0687 WudfPf - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/14 18:00:24.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/14 18:00:25.0031 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/10/14 18:00:25.0234 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/10/14 18:00:25.0328 ================================================================================
2010/10/14 18:00:25.0328 Scan finished
2010/10/14 18:00:25.0328 ================================================================================
2010/10/14 18:00:25.0343 Detected object count: 1
2010/10/14 18:00:43.0906 WudfPf (73ef98502bd7677601581abe0f719596) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/14 18:00:43.0906 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. Real md5: 73ef98502bd7677601581abe0f719596, Fake md5: f15feafffbb3644ccc80c5da584e6311
2010/10/14 18:00:45.0656 Backup copy not found, trying to cure infected file..
2010/10/14 18:00:45.0656 Cure success, using it..
2010/10/14 18:00:45.0718 C:\WINDOWS\system32\DRIVERS\WudfPf.sys - will be cured after reboot
2010/10/14 18:00:45.0718 Rootkit.Win32.TDSS.tdl3(WudfPf) - User select action: Cure
2010/10/14 18:00:57.0859 Deinitialize success
------------------------------------------------------------------------------------------------------------------------------------------
ComboFix 10-10-12.03 - Proprietario 14/10/2010 18.12.46.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.187 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Proprietario\Documenti\Readiris.DUS
c:\documents and settings\Proprietario\System
c:\documents and settings\Proprietario\System\win_qs8.jqx
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\vbzlib1.dll
D:\Autorun.inf
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2010-09-14 al 2010-10-14 )))))))))))))))))))))))))))))))))))
.
2010-10-12 07:29 . 2010-10-12 07:29 827392 ----a-w- c:\windows\system32\FLASH.OCX
2010-10-12 07:29 . 2010-10-12 07:29 -------- d-sh--w- c:\windows\ftpcache
2010-10-11 20:22 . 2010-10-11 20:22 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Genie-Soft
2010-10-11 20:05 . 2010-10-11 20:05 -------- d-----w- c:\programmi\Genie-Soft
2010-10-11 19:51 . 2010-10-11 20:05 -------- d-----w- c:\programmi\Outlook Express Backup Wizard
2010-10-11 13:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 13:37 . 2010-10-13 17:45 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-10-11 13:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 13:28 . 2010-10-11 13:28 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities
2010-10-10 18:06 . 2010-10-10 18:06 388096 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-10 18:06 . 2010-10-10 18:06 -------- d-----w- c:\programmi\Trend Micro
2010-10-10 17:58 . 2010-10-10 17:58 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\TestOfficePro
2010-10-10 17:58 . 2010-10-10 17:58 -------- d-----w- c:\programmi\SunRav TestOfficePro 5
2010-10-10 17:22 .
2010-10-10 17:46 -------- d-----w- c:\programmi\Test Generator
2010-10-09 16:46 . 2010-10-09 16:46 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Danware Data
2010-10-09 16:39 . 2010-10-09 16:39 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Netop
2010-10-09 16:39 . 2010-10-09 16:39 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Netop
2010-10-09 16:39 . 2010-10-09 17:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Danware Data
2010-10-09 16:39 . 2010-10-09 16:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Netop
2010-10-09 16:38 . 2010-08-04 07:51 9784 ----a-w- c:\windows\system32\NHOSTNT4.DLL
2010-10-09 16:38 . 2010-08-04 07:51 10456 ----a-w- c:\windows\system32\drivers\NHOSTNT3.SYS
2010-10-09 16:38 . 2010-08-04 07:51 104192 ----a-w- c:\windows\system32\drivers\NHOSTNT1.SYS
2010-10-09 16:38 . 2010-10-09 16:38 -------- d-----w- c:\programmi\Netop
2010-09-16 16:43 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-16 16:43 . 2010-09-16 16:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll[-] 2004-08-19 . 4AD6F202266A25BC0CC1DCE2A3D91563 . 198144 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netman.dll[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\qmgr.dll[-] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll[-] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll[-] 2004-07-01 . 49694F409B77A12967491707ED6ABCF1 . 360448 . . [6.6.2600.1569] . . c:\windows\system32\bits\qmgr.dll[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll[-] 2009-02-09 . F2E200F9B250885AAD3FFB6331A18CCC . 399360 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll[-] 2009-02-09 . F2E200F9B250885AAD3FFB6331A18CCC . 399360 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\rpcss.dll[-] 2009-02-09 . BD0E7E3F65B0AFDC1CBDEF402CCAF6EC . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\rpcss.dll[-] 2005-01-14 . 0A2452E3786E4C4F3467580FA6D8905B . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll[-] 2004-08-19 . 0C015AB735A4624C44CB5696E9208C4C . 395776 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\rpcss.dll[-] 2003-09-23 . D3553AA5CA7CDD9BB01D72374A7069D7 . 202752 . . [5.1.2600.1243] . . c:\windows\I386\rpcss.dll[-] 2003-08-26 . A004985029FE4D9971CCAA703DE10D66 . 260608 . . [5.1.2600.1263] . . 
c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp1qfe\rpcss.dll[-] 2003-08-26 . A004985029FE4D9971CCAA703DE10D66 . 260608 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2gdr\rpcss.dll[-] 2003-08-26 . A004985029FE4D9971CCAA703DE10D66 . 260608 . . [5.1.2600.1263] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2qfe\rpcss.dll[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe[-] 2009-02-09 . AA6602EA22899E57D4661DDA87C3EE21 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\services.exe[-] 2009-02-09 . AA6602EA22899E57D4661DDA87C3EE21 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe[-] 2009-02-09 . BCF1770A35BDA3BD13A9E2054F15F37E . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\services.exe[-] 2004-08-19 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\spoolsv.exe[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe[-] 2004-08-19 . 216F8454A9415DD3E451B169DC3121C4 . 57856 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\spoolsv.exe[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . 
[5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\winlogon.exe[-] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe[-] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\comctl32.dll[-] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\asms\60\msft\windows\common\controls\comctl32.dll[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll[-] 2006-08-25 . 837B282813808C17E9C94E56300AA29E . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll[-] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll[-] 2004-08-19 . D81759006D620D41F7FD1D2A4A10C7F3 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll[-] 2003-09-23 . 5B2E5D8B302ADCD38DDEA75C4771AD59 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll[-] 2003-09-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL[-] 2003-09-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . 
[5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\cryptsvc.dll[-] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll[-] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll[-] 2008-07-07 20:31 . A0BACAB8AC1749987550D5C7F6E8D323 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll[-] 2008-07-07 20:17 . F50ACDBA24EBBE21F8C0671367F36291 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\es.dll[-] 2004-08-19 22:39 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\es.dll[-] 2003-09-22 22:12 . 7D1BBB8D1CAB841920E45B7276B52946 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp1qfe\es.dll[-] 2003-09-22 22:12 . 7D1BBB8D1CAB841920E45B7276B52946 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2gdr\es.dll[-] 2003-09-22 22:12 . 7D1BBB8D1CAB841920E45B7276B52946 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\0e1620cde5669d3991660e7238036985\backup\sp2qfe\es.dll[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . 
c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\imm32.dll[-] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\imm32.dll[-] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll[-] 2009-03-21 . C71A4010BBA2B2998FDF28130E8A0173 . 1030144 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll[-] 2009-03-21 . C71A4010BBA2B2998FDF28130E8A0173 . 1030144 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll[-] 2009-03-21 . 98993B11907E932A7ED121AAEEC2F3E0 . 1033216 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\kernel32.dll[-] 2006-07-05 . 4BBAA51F3CE5852AE38C98F3E1272580 . 1029120 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll[-] 2004-08-19 . FEB3CC200749FF119BB8B08224A1A594 . 1027584 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kernel32.dll[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\linkinfo.dll[-] 2005-09-01 . 78BE48208966D99840C6F3DC76619C6E . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll[-] 2005-09-01 . B737A3DA2C0A605CE2C7E118C59F38C7 . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll[-] 2004-08-19 . AED27A44228C3B2D24406A2755133922 . 18944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\linkinfo.dll[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . 
[5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\lpk.dll[-] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lpk.dll[-] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll[-] 2010-04-16 . 7B3A14D187802BC29A44620D3074E8A8 . 3094016 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\mshtml.dll[-] 2010-04-16 . 3F87A5A56C480BB8CA155F47A858C498 . 3094528 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll[-] 2010-04-16 . 4F0997256A2B2929E4A3913D15978F8B . 3086336 . . [6.00.2900.3698] . . c:\windows\system32\mshtml.dll[-] 2010-04-16 . 4F0997256A2B2929E4A3913D15978F8B . 3086336 . . [6.00.2900.3698] . . c:\windows\system32\dllcache\mshtml.dll[-] 2010-04-16 . 1F2022194DD06B082D7E9D2A06F8FBC8 . 3094016 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\mshtml.dll[-] 2010-02-26 . 4B851FFF2CC1F0D5725987CD4C492D37 . 3094016 . . [6.00.2900.3676] . . c:\windows\$hf_mig$\KB980182\SP2QFE\mshtml.dll[-] 2010-02-26 . B245BB63ED69169001423D0A6BE5F0A0 . 3086336 . . [6.00.2900.3676] . . c:\windows\$NtUninstallKB982381$\mshtml.dll[-] 2010-02-26 . 83E63A7028DDE60F020624ECBEE8D21A . 3094016 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3GDR\mshtml.dll[-] 2010-02-26 . 1C66DB3BA3877F9B94101D5DCF5498E9 . 3094528 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll[-] 2009-12-22 . CE2972F551F041ADF724B4D97AAD382E . 3084800 . . [6.00.2900.3660] . . c:\windows\$NtUninstallKB980182$\mshtml.dll[-] 2009-12-22 . 4C654B80B8275D48E3D74B8E7B7D66E4 . 3092480 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll[-] 2009-12-22 . 781D8BBB05B1EF70E107C83394967F22 . 3092480 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll[-] 2009-12-22 . C2A4CFBD3B4D14DA6490F609F0E0D517 . 3094528 . . [6.00.2900.5921] . . 
c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll[-] 2009-10-29 . 77DF86D77F3E79070FA85CDA7660CE52 . 3091968 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\mshtml.dll[-] 2009-10-29 . DC8DA6BF62FDE63D4D889C1F89A1D7B3 . 3084288 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207$\mshtml.dll[-] 2009-10-29 . 786BAE8C3F5ED28FECB54414F9EC0187 . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll[-] 2009-10-29 . 869D7289D05E02CE74DC84526FB5B96A . 3091968 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\mshtml.dll[-] 2009-10-20 . 0A711DCFE372748B2F3715027D2BACB9 . 3084288 . . [6.00.2900.3636] . . c:\windows\$NtUninstallKB976325$\mshtml.dll[-] 2009-10-20 . ACE9E469D40CAC0ACF96EE63F3F0A6D1 . 3091968 . . [6.00.2900.3636] . . c:\windows\$hf_mig$\KB976749\SP2QFE\mshtml.dll[-] 2009-10-19 . 3F914B25B48D3D5986E13407593975BF . 3091968 . . [6.00.2900.5890] . . c:\windows\$hf_mig$\KB976749\SP3GDR\mshtml.dll[-] 2009-10-19 . 2C5A0565400ABAC619843994DF328594 . 3093504 . . [6.00.2900.5890] . . c:\windows\$hf_mig$\KB976749\SP3QFE\mshtml.dll[-] 2009-09-25 . 0F1B42C3066E72B82F5672ACD1D0CB5A . 3084288 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB976749$\mshtml.dll[-] 2009-09-25 . F51070F43B6C4B2BAA937CF1A8CB59A4 . 3091968 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP2QFE\mshtml.dll[-] 2009-09-25 . 99CA70AA39E224BCFC28F119078C8AB0 . 3091968 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3GDR\mshtml.dll[-] 2009-09-25 . 4747901153EB7281AE9CA77180810071 . 3093504 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\mshtml.dll[-] 2009-07-18 . 36EEDBEEBAB9501054F015949EE13A9F . 3083264 . . [6.00.2900.3603] . . c:\windows\$NtUninstallKB974455$\mshtml.dll[-] 2009-07-18 . E0F562646D092A4331F395C7FF2082EA . 3090432 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll[-] 2009-07-18 . F34657661DAEA10A730DB02BB648D20E . 3090432 . . [6.00.2900.3603] . . 
c:\windows\$hf_mig$\KB972260\SP2QFE\mshtml.dll[-] 2009-07-18 . BC76BE4EB17F5915DAB7D9374B5F6A3E . 3090944 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll[-] 2009-04-29 . CA88F7CDB0E111150F951903866D93ED . 3081728 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\mshtml.dll[-] 2009-04-29 . 99007AC96F8440F8FAF543CA5E5F0109 . 3089920 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll[-] 2009-04-29 . 5E371EC68D4D6F67D354A65BD5C9DF22 . 3089920 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\mshtml.dll[-] 2009-04-29 . AD361BA2FFC722CCE2A968056697428E . 3090432 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll[-] 2008-04-14 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\mshtml.dll[-] 2006-06-30 17:38 . A53F80B20017A5F6CC72F2628E0EBBD2 . 2710528 . . [6.00.2800.1562] . . c:\windows\SoftwareDistribution\Download\8b116618ab7ac6bd77d813654274dbc9\RTMQFE\mshtml.dll[-] 2006-06-30 08:52 . 3851F37FAD2C795057EEC718573FD61D . 2703872 . . [6.00.2800.1561] . . c:\windows\SoftwareDistribution\Download\8b116618ab7ac6bd77d813654274dbc9\rtmgdr\mshtml.dll[-] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\msvcrt.dll[-] 2008-04-14 . 94B53C04B242E8D5E7F07B37619F6636 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\asms\70\msft\windows\mswincrt\msvcrt.dll[-] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\ServicePackFiles\i386\msvcrt.dll[-] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll[-] 2004-08-19 . 
F1B3C3DE9374C4A7B29A92BD749404B5 . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll[-] 2003-09-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL[-] 2003-09-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll[-] 2003-09-23 . 1B2C477D8847E4123DD8761D2E9008F7 . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll[-] 2008-06-20 . E0723611F1A6CAAA66956AD234781617 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll[-] 2008-06-20 . E0723611F1A6CAAA66956AD234781617 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll[-] 2008-06-20 . DBEA9D34E2A62E3484F65AC975566D7B . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\mswsock.dll[-] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll[-] 2009-02-06 . 0908290F2D809BAB461E6AE8740B4EF9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll[-] 2009-02-06 . 0908290F2D809BAB461E6AE8740B4EF9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . 
c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\netlogon.dll[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netlogon.dll[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll[-] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe[-] 2010-02-16 . AC8D84A613D3FB2952B58D329AD4DC78 . 2185088 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntoskrnl.exe[-] 2010-02-16 . AC8D84A613D3FB2952B58D329AD4DC78 . 2185088 . . [5.1.2600.3670] . . c:\windows\system32\ntoskrnl.exe[-] 2010-02-16 . AC8D84A613D3FB2952B58D329AD4DC78 . 2185088 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntoskrnl.exe[-] 2010-02-16 . BBBEA4BEF0F730C9DFB2F5F8F4BEE2C3 . 2190592 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe[-] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe[-] 2009-12-09 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe[-] 2009-12-09 . B03AD22FA67AB241BC0D5AE4CAFFBE7F . 2184064 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe[-] 2009-12-09 . 57BEA2F197B764CDA187B4705B46923D . 2189696 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe[-] 2009-12-09 . 98DC3ECBFF9994180A03298B7471F60F . 2192896 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe[-] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe[-] 2009-08-04 . 1A170E77374594CA4C5D4CA2AB1DE2FF . 2189696 . . [5.1.2600.3610] . . 
c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe[-] 2009-08-04 . 76E56DCF3A82E429115900175F235FB2 . 2184064 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe[-] 2009-02-09 . 8B00193F2405A83F834DB1E43C1B566C . 2184192 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe[-] 2009-02-09 . 653218414CC0F50BDB8F9C51057D5A3C . 2189824 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\ntoskrnl.exe[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe[-] 2004-08-19 . 4591CF1F202181113DE2996E79A2905A . 2184704 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\powrprof.dll[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\scecli.dll[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\scecli.dll[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll[-] 2008-04-14 . 
DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\sfc.dll[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\svchost.exe[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\tapisrv.dll[-] 2005-07-08 . 9D6561AA09637E38E6449C711343CCAD . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll[-] 2005-07-08 . 3A4C429F316C510C3E4C5F2FC7372C26 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll[-] 2004-08-19 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\user32.dll[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll[-] 2005-03-02 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll[-] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . 
c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\userinit.exe[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe[-] 2010-04-16 . 54566A154F28D667393600502883A927 . 669696 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\wininet.dll[-] 2010-04-16 . 41918A89F1EBF4CAA998CD81538B7805 . 671232 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll[-] 2010-04-16 . AD99B1546DA0ECEB2A8402B35B3D9A50 . 664576 . . [6.00.2900.3698] . . c:\windows\system32\wininet.dll[-] 2010-04-16 . AD99B1546DA0ECEB2A8402B35B3D9A50 . 664576 . . [6.00.2900.3698] . . c:\windows\system32\dllcache\wininet.dll[-] 2010-04-16 . 373824FF52E1B7C8965ADE5E7719D334 . 671232 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\wininet.dll[-] 2010-02-26 . 302F76425AF75DE9FAA367F97842B966 . 664576 . . [6.00.2900.3676] . . c:\windows\$NtUninstallKB982381$\wininet.dll[-] 2010-02-26 . 26DBEE6163E06B23085DAA0EB9541A06 . 671232 . . [6.00.2900.3676] . . c:\windows\$hf_mig$\KB980182\SP2QFE\wininet.dll[-] 2010-02-26 . DD49C2B657B801DDEF1216B5F679F6B9 . 669696 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3GDR\wininet.dll[-] 2010-02-26 . D88DCDDE9E462CCB52C0D27979EC7EE1 . 671232 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll[-] 2009-12-22 . DB95F61D2CE5BAF56D882BF73D546A5F . 664576 . . [6.00.2900.3660] . . c:\windows\$NtUninstallKB980182$\wininet.dll[-] 2009-12-22 . A4F025486E12C67A300363018C765FEA . 671232 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll[-] 2009-12-22 . 0B7D419780EDF5324012D319C3B5722A . 669696 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll[-] 2009-12-22 . 932549F9154A990B300E8CE55B9A2201 . 671232 . . [6.00.2900.5921] . . 
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-03 14:42 1362824 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"Acme.PCHButton"="c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2003-01-01 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"WinVNC"="c:\programmi\TightVNC\WinVNC.exe" [2009-03-05 585728]
"WHITNEY_S2P"="c:\programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2005-02-15 69632]
"USRobotics Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-06-19 1290240]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-06-26 202256]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-02 149280]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"PICPRTR"="c:\svpro50c\PROGRAM\PICPRTR.EXE" [2001-05-01 73728]
"pdfFactory Pro Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2002-10-30 364544]
"nwiz"="nwiz.exe" [2003-08-19 323584]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"DT HPW"="c:\programmi\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"ContentTransferWMDetector.exe"="c:\programmi\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"CamMonitor"="c:\programmi\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 50176]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
SuperVoice Pro.LNK - c:\svpro90\PROGRAM\SVPRO.exe [2009-5-7 1667072]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-10-18 82026]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-7-20 122880]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\software\\FTP\\ws_ftp95.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\yWorks\\yEd\\yEd.exe"=
"c:\\Programmi\\Hand-Crafted Software\\FreeProxy\\FreeProxy.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Netop\\Netop School\\Teacher\\ntchw32.exe"=
"c:\\Programmi\\Netop\\Netop School\\Student\\nstdw32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:TightVnc Porta Tcp

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/07/2009 11.32.20 165584]
R1 NHostNT1;NetOp Driver 1 ver. 9.51 (2010216);c:\windows\system32\drivers\NHOSTNT1.SYS [09/10/2010 18.38.45 104192]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/07/2009 11.32.20 17744]
R2 NetOp Host for NT Service;NetOp Helper ver. 9.51 (2010216);c:\programmi\Netop\Netop School\Student\NHOSTSVC.EXE [09/10/2010 19.27.44 1742872]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 18.33.38 50704]
R3 NHOSTNT3;NetOp Driver 3 ver. 9.51 (2010216) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [09/10/2010 18.38.45 10456]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10/03/2010 8.18.20 24216]
S3 NdisWDM;USRobotics NDIS-WDM Virtual Miniport Ethernet Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [12/07/2009 9.48.17 203920]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/05/2007 14.30.38 508160]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/03/2010 11.17.14 25088]

--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-127236828-1838644864-3023097073-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-127236828-1838644864-3023097073-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-03-03 14:42]

2010-10-14 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-03-19 16:21]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://srch-it10.hpwis.com/
mSearch Bar = hxxp://srch-it10.hpwis.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\nlsp.dll
TCP: {B563E52A-1B75-47E5-B3B5-AE56F4478347} = 192.168.1.254
TCP: {CADB1EF0-DFCF-452E-B6A3-9340AB05C9E4} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\j5znh9e6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ilmeteo.it/meteo/Barcellona+Pozzo+di+Gotto|http://www.tempoitalia.it/meteo/barcellona_pozzo_di_gotto
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=it_IT&apn_uid=91D6447C-EF1A-401E-8493-9D1D345CC239&apn_ptnrs=Q6&apn_sauid=8F2488AA-8FD3-46C7-ACF0-E1033270C125&apn_dtid=YYYYYYYYIT&q=
FF - component: c:\programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-RecordNow! - (no file)
HKLM-Run-VTTimer - VTTimer.exe
SafeBoot-klmdb.sys
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\nlsp.dll
.
Ora fine scansione: 2010-10-14 18:29:05
ComboFix-quarantined-files.txt 2010-10-14 16:29

Pre-Run: 54.847.041.536 byte disponibili
Post-Run: 55.499.083.776 byte disponibili

- - End Of File - - AAFD559577A79E06D14989CF0844E69C

kahdah Posted October 14, 2010 ID:327276

Yes it is serious but the rootkit itself is now gone.
Please do these follow up steps to confirm the machine is clean.

Rename mbam back to the original name mbam.exe and make sure it runs.

Please update\run Malwarebytes' Anti-Malware.
Double Click the Malwarebytes Anti-Malware icon to run the application.
Click on the update tab then click on Check for updates.
If an update is found, it will download and install the latest version.
Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic

frankurb Posted October 15, 2010 Author ID:327638

Ok. Yesterday I already tried to run Malwarebytes before reading your answer and it started and executed regularly. I ran it 3 times:
1. Quick scan (db version: 4052)
2. Complete scan (db version: 4052)
3. Quick scan (updated database, db version: 4824)

I paste all the three outputs. This morning I ran the ESET online scanner, which found some other threats. Log.txt is pasted here. Please tell me if you think there are some other things I can do to stay (more or less) carefree.

In particular, I have three questions:
1) I used on this pc the free version of Avast. Is it normal that pc gets infected with the avast running?
2) What can I do to better prevent these kinds of problems?
3) I used VNC (TightVNC, server mode), because sometimes I connect to the pc (inside the home lan) from a notebook. I see that the eset scanner classified this as a threat. Does this mean that I should never use VNC programs?

Thanks again for your help and your patience.
----------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

14/10/2010 19.00.36
mbam-log-2010-10-14 (19-00-36).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 131779
Tempo trascorso: 7 minuti, 43 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

----------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

14/10/2010 20.41.34
mbam-log-2010-10-14 (20-41-34).txt

Tipo di scansione: Scansione completa (C:\|D:\|G:\|H:\|)
Elementi esaminati: 514228
Tempo trascorso: 1 ore, 38 minuti, 16 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 3

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
G:\backups\backupAspireFrank.2006.06.27\software\antiworm\antispy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
G:\software\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
G:\software\antiworm\antispy.exe (Rogue.Installer) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4824
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

14/10/2010 21.19.13
mbam-log-2010-10-14 (21-19-13).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 154284
Tempo trascorso: 10 minuti, 33 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

--------------------------------------------------------------------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=235a798bd506e841bdfd1bea19c438a0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-15 12:13:24
# local_time=2010-10-15 02:13:24 (+0100, ora legale Europa occidentale)
# country="Italy"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 395002 395002 0 0
# compatibility_mode=768 16777215 100 0 2472977 2472977 0 0
# compatibility_mode=8192 67108863 100 0 1441 1441 0 0
# scanned=393954
# found=10
# cleaned=10
# scan_time=15801
C:\Documents and Settings\Proprietario\Dati applicazioni\Sun\Java\Deployment\cache\6.0\25\7bb08f99-27370489 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Programmi\Wise Disk Cleaner\AUpdate.dll a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Programmi\Wise Disk Cleaner\WiseDiskCleaner.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Programmi\Wise Registry Cleaner\AUpdate.dll a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8C71F177-3010-448E-A67A-584B5054E86A}\RP3\A0004436.dll a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8C71F177-3010-448E-A67A-584B5054E86A}\RP3\A0004437.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8C71F177-3010-448E-A67A-584B5054E86A}\RP3\A0004438.dll a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
G:\software\virtualNetComputing\tightvnc-1.2.9-setup.exe Win32/RemoteAdmin.WinVNC application (deleted - quarantined) 00000000000000000000000000000000 C
G:\_download\WDC4Pro.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
G:\_download\WRC4Pro(2).exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
kahdah Posted October 15, 2010

> Please tell me if you think there are some other things I can do to stay (more or less) carefree.

I will provide prevention methods when we are finished.

> In particular, I have three questions:
> 1) I used on this pc the free version of Avast. Is it normal that pc gets infected with the avast running?

Yes, it does not matter what you have; you can always get infected. No malware software is 100% effective against malware.

> 2) What can I do to better prevent these kinds of problems?

Run regular scans, keep all software up to date.

> 3) I used VNC (TightVNC, server mode), because sometimes I connect to the pc (inside the home lan) from a notebook. I see that the eset scanner classified this as a threat. Does this mean that I should never use VNC programs?

It is not a threat, but they detect it as (riskware); they name it that because, although it is legitimate, it can be used maliciously. Same goes for any remote software.

==========================

Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window: OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
frankurb Posted October 15, 2010

Ok, here is the OTL.txt. I wait for your next reply.
Greetings.
Francesco
Corporation)O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (Pagina iniziale corrente) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders 
- (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]O32 - AutoRun File - [2003/01/01 22.41.29 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2001/07/27 21.07.38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2010/10/15 20.34.50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe[2010/10/15 09.25.57 | 000,000,000 | ---D | C] -- C:\Programmi\ESET[2010/10/14 18.09.07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2010/10/14 18.09.07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2010/10/14 
18.09.07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2010/10/14 18.09.07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2010/10/14 18.09.00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2010/10/14 18.07.39 | 000,000,000 | ---D | C] -- C:\Qoobox[2010/10/14 17.58.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Desktop\emergenza.ottobre.2010[2010/10/12 09.29.37 | 000,827,392 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX[2010/10/12 09.29.37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache[2010/10/11 22.24.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\My Backups[2010/10/11 22.22.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Genie-Soft[2010/10/11 22.05.27 | 000,000,000 | ---D | C] -- C:\Programmi\Genie-Soft[2010/10/11 21.51.40 | 000,000,000 | ---D | C] -- C:\Programmi\Outlook Express Backup Wizard[2010/10/11 15.37.08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/10/11 15.37.03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/10/11 15.37.03 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware[2010/10/10 20.11.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss[2010/10/10 20.06.36 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro[2010/10/10 20.02.10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe[2010/10/10 19.58.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\TestOfficePro[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\TestOfficePro[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Programmi\SunRav TestOfficePro 5[2010/10/10 19.58.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\My Tests[2010/10/10 19.58.31 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\Groups[2010/10/10 19.22.00 | 000,000,000 | ---D | C] -- C:\Programmi\Test Generator[2010/10/09 18.46.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Danware Data[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Netop[2010/10/09 18.39.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Netop[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Netop[2010/10/09 18.39.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Danware Data[2010/10/09 18.38.45 | 000,104,192 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT1.SYS[2010/10/09 18.38.45 | 000,010,456 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\drivers\NHOSTNT3.SYS[2010/10/09 18.38.45 | 000,009,784 | ---- | C] (Netop Business Solutions A/S) -- C:\WINDOWS\System32\NHOSTNT4.DLL[2010/10/09 18.38.15 | 000,000,000 | ---D | C] -- C:\Programmi\Netop[2010/09/16 18.43.41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr[2010/09/16 18.43.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software[2003/05/29 03.26.48 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/10/15 20.01.00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job[2010/10/15 19.42.11 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\1c.grigliaCompito.xls[2010/10/15 15.25.01 | 000,000,284 | ---- | M] () -- 
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-127236828-1838644864-3023097073-1003.job[2010/10/15 15.24.59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-127236828-1838644864-3023097073-1003.job[2010/10/15 09.11.34 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job[2010/10/15 07.31.32 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT[2010/10/15 07.31.29 | 369,548,986 | ---- | M] () -- C:\WINDOWS\PICPRTR.DEB[2010/10/15 07.31.24 | 000,000,126 | ---- | M] () -- C:\WINDOWS\PICSERV.DEB[2010/10/15 07.31.13 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat[2010/10/15 07.31.11 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys[2010/10/14 18.22.32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010/10/14 17.54.48 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe[2010/10/14 17.32.36 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\infezioneVirusOttobre2010.doc[2010/10/14 16.22.40 | 000,037,222 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\sicurezza_RBNFNC62S04F206P.pdf[2010/10/13 20.03.38 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe[2010/10/13 19.55.35 | 000,023,522 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\helpMalwareBytes.rtf[2010/10/13 19.45.13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/10/12 20.07.02 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\RKUnhookerLE.EXE[2010/10/12 16.35.28 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk[2010/10/12 09.34.01 | 000,000,604 | ---- | M] () -- C:\WINDOWS\WS_FTP.INI[2010/10/12 09.29.37 | 000,827,392 | ---- | M] (Macromedia, Inc.) 
-- C:\WINDOWS\System32\FLASH.OCX[2010/10/11 22.05.01 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk[2010/10/11 15.45.42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\Easy OutLook Express Backup.lnk[2010/10/11 08.12.44 | 000,000,305 | RHS- | M] () -- C:\boot.ini[2010/10/10 20.06.13 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi[2010/10/10 20.03.36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Proprietario\Desktop\mbam-setup-1.46.exe[2010/10/10 19.43.44 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb[2010/10/10 19.42.20 | 000,389,120 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb[2010/10/09 19.37.00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Netop.INI[2010/10/06 18.49.01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/10/04 22.06.07 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010/10/04 19.24.44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc[2010/10/04 09.54.56 | 000,546,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc[2010/10/04 07.36.09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/09/25 16.22.14 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc[2010/09/16 18.44.08 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! 
Free Antivirus.lnk[2010/09/16 18.44.05 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files Created - No Company Name ==========[2010/10/15 09.45.30 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\1c.grigliaCompito.xls[2010/10/14 18.09.07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010/10/14 18.09.07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2010/10/14 18.09.07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2010/10/14 18.09.07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010/10/14 18.09.07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2010/10/14 18.07.11 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe[2010/10/14 17.32.35 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\infezioneVirusOttobre2010.doc[2010/10/14 16.25.04 | 000,037,222 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\sicurezza_RBNFNC62S04F206P.pdf[2010/10/13 19.55.35 | 000,023,522 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\helpMalwareBytes.rtf[2010/10/13 17.44.16 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys[2010/10/12 20.08.32 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\RKUnhookerLE.EXE[2010/10/11 21.51.40 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\Outlook Express Backup Wizard.lnk[2010/10/11 15.37.10 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/10/11 08.13.09 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk[2010/10/11 08.13.09 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick 
Pick.lnk[2010/10/11 08.13.09 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\SuperVoice Pro.LNK[2010/10/11 08.13.09 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk[2010/10/10 20.06.36 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis.lnk[2010/10/10 20.05.53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\HiJackThis-2.0.4.msi[2010/10/10 19.43.17 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\New Test.mdb[2010/10/10 19.34.34 | 000,389,120 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Sample Class-New Test.mdb[2010/10/09 18.38.53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\Netop.INI[2010/10/04 18.20.10 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\Mettiamo insieme un po.doc[2010/10/04 09.43.03 | 000,546,816 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\miniOrarioFrank.2010.11.doc[2010/09/25 16.22.13 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Proprietario\Documenti\napoliMonnezza.saviano.25.09.2010.doc[2010/09/16 18.44.08 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! 
Free Antivirus.lnk[2010/07/13 17.01.34 | 000,012,979 | ---- | C] () -- C:\WINDOWS\winsight.ini[2010/02/17 18.14.35 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2010/01/27 18.56.13 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini[2009/11/21 17.56.07 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\cvf.ini[2009/11/16 18.33.38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll[2009/10/18 22.18.52 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll[2009/10/18 22.07.05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll[2009/10/18 17.29.45 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll[2009/10/01 20.32.23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI[2009/09/11 18.08.00 | 000,000,358 | ---- | C] () -- C:\WINDOWS\PDvr4TWNViewer.INI[2009/07/21 11.58.27 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/07/21 11.46.51 | 000,000,604 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI[2009/07/20 17.36.58 | 000,007,531 | ---- | C] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\SmarThruOptions.xml[2009/07/20 17.36.42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll[2009/07/20 17.36.32 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Readiris.ini[2009/07/20 17.36.30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll[2009/07/20 17.33.49 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll[2009/07/20 17.33.49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll[2009/07/20 17.33.49 | 000,053,315 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll[2009/07/20 17.33.49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll[2009/07/20 10.52.28 | 000,000,644 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2009/07/12 17.54.21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SVPROUX.DLL[2009/07/12 17.54.21 | 
000,000,093 | ---- | C] () -- C:\WINDOWS\SVPROU.INI[2009/07/12 17.54.10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\FAX1.INI[2009/07/12 09.48.11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll[2009/07/12 09.48.10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll[2009/07/12 09.47.31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll[2009/07/12 09.47.31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\windevx.dll[2009/07/12 09.47.31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflb0.dll[2009/07/12 03.44.51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys[2009/07/11 20.50.00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2009/07/11 20.49.03 | 000,001,746 | ---- | C] () -- C:\WINDOWS\ATICIM.INI[2006/11/02 10.27.46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI[2003/09/23 02.23.12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini[2003/09/21 16.45.36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL35.dll[2003/05/29 03.26.48 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll[2003/05/29 03.26.48 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll[2003/01/02 06.31.46 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini[2003/01/02 00.56.07 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\fusioncache.dat[2003/01/02 00.54.21 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll[2003/01/02 00.41.51 | 000,026,845 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS[2003/01/02 00.41.33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll[2003/01/02 00.41.01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll[2003/01/02 00.12.00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2003/01/02 00.11.33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll[2003/01/01 23.51.03 | 000,000,868 | ---- | C] () -- 
C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log[2003/01/01 23.42.45 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini[2003/01/01 23.08.11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll[2003/01/01 23.08.11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll[2003/01/01 23.07.55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll[2003/01/01 22.44.32 | 000,000,949 | ---- | C] () -- C:\WINDOWS\orun32.ini[2003/01/01 22.35.17 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2003/01/01 20.00.04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini[2003/01/01 20.00.04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini[1996/02/01 19.25.42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll< End of report > Link to post Share on other sites More sharing options...
kahdah Posted October 15, 2010 ID:327778

=======Cleanup=======

Click START then RUN.
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

Double click on OTL to run it.
Click on the Cleanup button at the top.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
Scroll down to where it says "(JRE)", then click on it.
Click the "Download" button to the right.
Select your Platform: "Windows".
Select your Language: "Multi-language".
Read the License Agreement, and then check the box that says: "Accept License Agreement".
Click Continue and the page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us
If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.
After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.
"How did I get infected in the first place?" - Also this one by Tony Klein.
If your computer is slow - Is a tutorial on what you can do if your computer is slow.
File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware
superantispyware

===Free antivirus links===

This is antivirus and antispyware. Microsoft Security Essentials
This is free antispyware protection and antivirus protection. AVG free 9.0
This is just antivirus protection. Antivir
This is antivirus and antispyware protection. Avast
frankurb Posted October 17, 2010 Author ID:328478

Ok, now I will try to read the articles you suggested and I hope to benefit from it. Your help was very useful and I think it's fair to reward you, so I just made a deposit on your account.

One last question: when starting Windows now I always get an error message box which says, more or less:

<svchost.exe - Application error>
"the instruction "0x7c928af2" made a reference to memory at "0x00000010". Memory could not be written. Click OK to terminate application".

(I attach the error message picture.)

However the system seems to be regularly functioning. Do you think I should worry about this message?

Thank you again and good bye.
kahdah Posted October 17, 2010 ID:328560

Thank you for your donation.
Please try the steps outlined in this website.
http://www.pchell.com/support/svchosterror.shtml
It is not the same error message exactly but it still should apply.
Let me know if that takes care of the message.
frankurb Posted October 18, 2010 Author ID:329117

I followed the steps described in the article but the error message at the start remains the same. In the article the author says: "Interestingly enough, even starting the computer in Safe Mode produced the same error." This is not true in my case: if I start in Safe Mode the error doesn't occur.

I also tried to start in Debug Mode, but in this case the computer doesn't start; it remains blocked on the light blue screen that says "Windows Xp" and it doesn't respond to mouse and keyboard actions.

I hope this is not really a big problem, since starting in normal mode, after clicking Ok on the error message box, the system works.

If you have any other suggestions, please tell me.
Good bye.
kahdah Posted October 18, 2010 ID:329225

I think it is a program that is starting up with the computer that doesn't load in normal mode.

Please do the following:

Click here to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
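Added example, not part of the original thread or of HijackThis itself: one way to use a Safe mode log and a Normal boot log together is to diff them, listing what runs only in a normal boot and which O4 Run entries did or did not end up as running processes. The two sample logs are constructed from a few entry shapes seen in this thread, and the function names `parse_hjt`, `image_name` and `startup_candidates` are hypothetical.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# Constructed sample logs in HijackThis v2 layout (not the poster's full logs).
SAFE_MODE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""

NORMAL_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\HP\KBD\KBD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
O4_RUN = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# Quoted path, or an unquoted path (may contain spaces) up to its extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)


def image_name(command):
    """Lower-cased executable file name from an autorun command line."""
    m = IMAGE.match(command)
    path = (m.group(1) or m.group(2)) if m else command.split()[0]
    return basename(path).lower()


def parse_hjt(text):
    """Return boot mode, running process paths and O4 Run entries of a log."""
    log = {"boot_mode": None, "processes": [], "autoruns": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Boot mode:"):
            log["boot_mode"] = line.split(":", 1)[1].strip()
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and DRIVE_PATH.match(line):
            log["processes"].append(line)
            continue
        in_processes = False  # first non-path line ends the process list
        m = O4_RUN.match(line)
        if m:
            hive, key, name, command = m.groups()
            log["autoruns"].append({"hive": hive, "key": key, "name": name,
                                    "command": command,
                                    "image": image_name(command)})
    return log


def startup_candidates(safe, normal):
    """Diff two parsed logs: normal-only processes and autorun status."""
    safe_procs = {p.lower() for p in safe["processes"]}
    normal_only = sorted(p.lower() for p in normal["processes"]
                         if p.lower() not in safe_procs)
    running_images = {basename(p).lower() for p in normal["processes"]}
    autoruns = [dict(a, running=a["image"] in running_images)
                for a in normal["autoruns"]]
    return {"normal_only": normal_only, "autoruns": autoruns}


if __name__ == "__main__":
    report = startup_candidates(parse_hjt(SAFE_MODE_LOG), parse_hjt(NORMAL_LOG))
    for path in report["normal_only"]:
        print("normal boot only:", path)
    for a in report["autoruns"]:
        state = "running" if a["running"] else "not running"
        print(f'{a["hive"]} {a["key"]} [{a["name"]}] {a["image"]}: {state}')
```

The output is a review list only: an entry that is registered but not running may simply have exited normally, so each candidate still has to be disabled and tested one at a time.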

frankurb Posted October 18, 2010 Author ID:329270

Here is the log file generated by HijackThis. Thanks.

---------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.34.44, on 18/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\SVPRO50C\PROGRAM\PICSERV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TightVNC\WinVNC.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\SVPRO50C\PROGRAM\PICPRTR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe
C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\File comuni\Portrait Displays\Shared\HookManager.exe
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\SVPRO90\PROGRAM\SVPRO.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [uSRobotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [updateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PICPRTR] C:\SVPRO50C\PROGRAM\PICPRTR.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DT HPW] C:\Programmi\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programmi\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SuperVoice Pro.LNK = C:\SVPRO90\PROGRAM\SVPRO.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B563E52A-1B75-47E5-B3B5-AE56F4478347}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{CADB1EF0-DFCF-452E-B6A3-9340AB05C9E4}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NetOp Helper ver. 9.51 (2010216) (NetOp Host for NT Service) - Netop Business Solutions A/S - C:\Programmi\Netop\Netop School\Student\NHOSTSVC.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SVPRO50C\PROGRAM\PICSERV.EXE
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programmi\TightVNC\WinVNC.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9725 bytes
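
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above that picks out the entry types a reviewer usually reads first. The function names and the triage reasons are assumptions of this example, and a flagged entry means "look at this", not "malicious".

```python
import re

# Excerpt of entries copied from the log above (HijackThis v2.0.2 format).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlsp.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programmi\TightVNC\WinVNC.exe
"""

ENTRY = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")            # "O4 - <body>"
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
IMAGE = re.compile(r"(?i)(.*?\.(?:exe|com|bat|cmd|scr))(?:\s|$)")

def parse(log):
    """Yield (section, body) per entry; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def command_image(cmd):
    """Executable part of a Run command line, quoted or not (paths may hold spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE.match(cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]

def triage(log):
    """Return (section, reason, body) for entries worth reading first."""
    notes = []
    for section, body in parse(log):
        run = RUN.match(body) if section == "O4" else None
        if run and "\\" not in command_image(run.group(4)):
            notes.append((section, "autorun without a full path", body))
        elif section == "O2" and body.endswith("(no file)"):
            notes.append((section, "BHO registered but file missing", body))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            notes.append((section, "LSP file HijackThis does not recognise", body))
        elif section == "O23" and " - Unknown owner - " in body:
            notes.append((section, "no company name read from service binary", body))
    return notes

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {body}")
```
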

kahdah Posted October 18, 2010 ID:329346

Please re-open HijackThis and click on "Do a system scan only".
Then place a check mark next to these entries below:

O4 - HKLM\..\Run: [updateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Now click on Fix Checked and then close HijackThis.
========
Reboot after that and let me know if the error is gone.

frankurb Posted October 18, 2010 Author ID:329427

Unfortunately the error is still there. However it doesn't bother me too much, unless it could be dangerous. Do you think it could be a source of trouble?

kahdah Posted October 18, 2010 ID:329483

No, not really a source of trouble, but annoying.
Fix these as well.

O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe

Then reboot and see if it is any different.

frankurb Posted October 19, 2010 Author ID:329719

Ok, I fixed these three, but still no difference.

kahdah Posted October 19, 2010 ID:329880

Try to update to Service Pack 3 and see if it takes the error away.
Sounds silly but it may work.

frankurb Posted October 20, 2010 Author ID:330447

I updated to SP3 but even this didn't solve the problem.

Maybe it could be interesting to know that if I run a program called "Svchost Fix Wizard" (downloaded from http://www.svchost-errors.com), after a quick scan, it shows the following three items as possible reasons for the problem:

1) System DLLs re-registration is pending
2) Invalid data 2 at value start of the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
3) System DLLs re-registration is pending

(Before updating to SP3 it showed only the first item.)

The program promises to automatically solve the problem if I buy the full version for $40. However, given that it seems not to be a serious problem, I'd rather save this money.

Thank you and greetings.
Francesco

kahdah Posted October 20, 2010 ID:330479

No, don't purchase fix-all programs; they don't ever do what they say.

Please go to Start > Run and type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.

@Echo off
regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS"
start notepad look.txt

Then please double-click on fixthis.bat. A window will open and close quickly. This is normal.
Please post the contents of the Notepad document that opens.