
A bunch of spywares, having fun with my computer.


  • This topic is locked
17 replies to this topic

#1 Az1muth


Posted 19 March 2010 - 04:39 PM

I'm having lots of problems. First, Win XP doesn't work so I have to work in SAFE MODE. Every time I try to launch an .exe in XP (normal mode) it says I don't have the authorization... or whatever!

However, even using SAFE MODE I didn't manage to make MBAM work, but HijackThis and DDS are OK. Besides that, when I try to launch GMER and start the scan, it shuts off the computer, saying there's an error, I guess.

I also got an interesting spyware, named "Antivirus XP 2010".

Here's the DDS: (+ HijackThis and Attach.rar are attached)


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Tommaso at 21.24.25,75 on 17/03/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1470.778 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Cobian Backup 9\Cobian.exe
C:\Programmi\Cobian Backup 9\cbInterface.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Tommaso\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.it/hws/sb/dell-row/it/side.html?channel=it
uSearch Bar = hxxp://www.google.it/hws/sb/dell-row/it/side.html?channel=it
uDefault_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=4061016
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://www.google.it/hws/sb/dell-row/it/side.html?channel=it
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmi\avg\avg9\toolbar\IEToolbar.dll
BHO: Supporto di collegamento per Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmi\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmi\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\programmi\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\googletoolbar2.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\programmi\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [msnmsgr] "c:\programmi\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updater23] c:\windows\service.exe.js
uRun: [Google Update] "c:\documents and settings\tommaso\impostazioni locali\dati applicazioni\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\programmi\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Cobian Backup 9] "c:\programmi\cobian backup 9\Cobian.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\tommaso\menuav~1\progra~1\esecuz~1\pandau~1.lnk - c:\programmi\panda usb vaccine\USBVaccine.exe
uPolicies-explorer: NoRun = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: NoShellSearchButton = 1 (0x1)
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager... - c:\programmi\megaupload\mega manager\mm_file.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmi\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmi\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tommaso\datiap~1\mozilla\firefox\profiles\vn32btgp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=
FF - prefs.js: network.proxy.http - 167.206.55.215
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\tommaso\dati applicazioni\mozilla\firefox\profiles\vn32btgp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programmi\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\programmi\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\tommaso\impostazioni locali\dati applicazioni\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmi\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programmi\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\microsoft\office live\npOLW.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-31 242696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-31 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-31 29512]
S2 avg9wd;AVG Free WatchDog;c:\programmi\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2009-8-3 8576]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2009-8-3 461056]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-03-17 20:00:38 0 d-----w- c:\programmi\Cobian Backup 9
2010-03-17 20:00:12 0 d-----w- c:\docume~1\tommaso\datiap~1\Malwarebytes
2010-03-14 17:09:56 0 d-----w- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2010-03-14 17:07:03 0 d-----w- c:\programmi\file comuni\Wise Installation Wizard
2010-03-14 17:04:38 0 d-----w- c:\docume~1\alluse~1\datiap~1\Panda Security
2010-03-14 17:04:36 0 d-----w- c:\programmi\Panda USB Vaccine
2010-03-14 17:02:34 7680 --sha-w- c:\windows\Thumbs.db
2010-03-14 16:48:09 0 d-----w- c:\programmi\Trend Micro
2010-03-13 16:28:14 0 d-----w- c:\docume~1\tommaso\datiap~1\Charles
2010-03-13 09:00:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 08:23:00 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-02 17:13:53 0 d-----w- c:\programmi\Charles
2010-02-26 21:53:37 0 d-----w- c:\programmi\file comuni\DivX Shared
2010-02-24 12:45:54 44267 ----a-w- c:\windows\system32\nvapps.xml
2010-02-24 12:45:50 0 d-----w- c:\windows\nview
2010-02-24 12:31:00 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-02-24 12:30:42 0 d-----w- C:\NVIDIA
2010-02-24 12:11:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-24 11:59:24 0 d-----w- c:\programmi\Sierra
2010-02-19 20:25:29 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2010-02-19 20:25:29 591872 ----a-w- c:\windows\system32\AlbumDisplay.ocx
2010-02-19 20:25:29 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2010-02-19 20:25:29 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2010-02-19 20:25:29 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-02-19 20:25:25 0 d-----w- c:\programmi\LG PC Suite
2010-02-19 20:25:25 0 d-----w- c:\docume~1\tommaso\datiap~1\LG Electronics
2010-02-19 18:47:37 16896 ----a-w- c:\windows\system32\drivers\FlashUsb.sys
2010-02-19 18:47:36 0 d-----w- c:\programmi\infineon
2010-02-19 18:46:40 24960 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2010-02-19 18:46:40 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2010-02-19 18:46:39 0 d-----w- c:\programmi\LG Electronics
2010-02-19 18:44:23 0 d-----w- C:\KS360
2010-02-19 18:43:28 53248 ----a-w- c:\windows\system32\CommonDL.dll
2010-02-19 18:43:28 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-02-19 18:43:28 2412 ----a-w- c:\windows\system32\lgAxconfig.ini
2010-02-19 18:43:15 0 d-----w- c:\docume~1\alluse~1\datiap~1\LGMOBILEAX

==================== Find3M ====================

2010-03-13 09:00:49 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 09:00:12 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-21 19:24:48 530034 ----a-w- c:\windows\system32\perfh010.dat
2010-02-21 19:24:48 102442 ----a-w- c:\windows\system32\perfc010.dat
2010-01-18 16:47:30 68768 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-16 14:56:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:34:14 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:34:14 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2008-12-10 16:05:39 32768 --sha-w- c:\windows\system32\config\systemprofile\impostazioni locali\cronologia\history.ie5\mshist012008120120081208\index.dat
2008-12-10 16:05:39 32768 --sha-w- c:\windows\system32\config\systemprofile\impostazioni locali\cronologia\history.ie5\mshist012008121020081211\index.dat

============= FINISH: 21.24.50,21 ===============



Edited by Az1muth, 19 March 2010 - 04:40 PM.




#2 pwgib

  • Malware Response Team

Posted 22 March 2010 - 10:14 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 Az1muth


Posted 26 March 2010 - 03:33 PM

Here are the scans. I changed nothing.




#4 Az1muth


Posted 27 March 2010 - 05:45 AM

I ran MBAM and I think some stuff just got better. Win XP Normal Mode works. So everything seems to be working well, but I think there's still something to fix.

Check my latest scans:




#5 schrauber

  • Malware Response Team

Posted 28 March 2010 - 11:41 AM

Hello, Az1muth
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#6 Az1muth


Posted 29 March 2010 - 04:53 AM

Here's C/ Combofix.txt




#7 schrauber

  • Malware Response Team

Posted 29 March 2010 - 01:34 PM

Hi,

Please don't attach the logfiles, just post them here in the thread.


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


#8 Az1muth


Posted 29 March 2010 - 01:57 PM

OTL.txt

OTL logfile created on: 29/03/2010 20.41.52 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Tommaso\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 108,58 Gb Total Space | 16,16 Gb Free Space | 14,88% Space Free | Partition Type: NTFS
Drive D: | 37,24 Gb Total Space | 30,89 Gb Free Space | 82,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149,01 Gb Total Space | 41,07 Gb Free Space | 27,56% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM
Current User Name: Tommaso
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/29 20.39.53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommaso\Desktop\OTL.exe
PRC - [2010/03/22 19.51.30 | 000,530,928 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
PRC - [2010/03/13 11.00.51 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/03/13 11.00.48 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 11.00.47 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/03/13 11.00.43 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 11.00.11 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/13 11.00.10 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/15 19.06.56 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Programmi\iTunes\iTunes.exe
PRC - [2009/09/30 20.58.42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Live\Contacts\wlcomm.exe
PRC - [2009/06/05 11.48.14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/01/22 12.38.32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Programmi\Cobian Backup 9\cbInterface.exe
PRC - [2009/01/22 12.38.26 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Programmi\Cobian Backup 9\Cobian.exe
PRC - [2008/12/14 19.35.00 | 005,459,968 | ---- | M] (http://www.emule-project.net) -- C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/27 12.36.34 | 000,111,912 | ---- | M] (SingleClick Systems) -- C:\Programmi\Dell Network Assistant\hnm_svc.exe


========== Modules (SafeList) ==========

MOD - [2010/03/29 20.39.53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommaso\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/13 11.00.43 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/05 11.48.14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/04 02.06.28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/12/10 14.59.04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/27 12.36.34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Programmi\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/16 12.49.36 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Stopped] -- C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005/04/04 00.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=4061016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=4061016

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..keyword.URL: "http://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p="
FF - prefs.js..network.proxy.autoconfig_url: "[long list of proxy host:port entries omitted]"
FF - prefs.js..network.proxy.http: "167.206.55.215 "
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmi\AVG\AVG9\Firefox [2010/03/14 18.05.20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/25 16.55.28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/03/14 19.11.24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/03/12 20.54.19 | 000,000,000 | ---D | M]

[2008/12/01 18.34.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Extensions
[2010/03/23 18.30.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions
[2002/12/31 21.15.04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/12/31 17.42.35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/10 21.04.05 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/01/10 11.48.02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009/03/04 20.25.14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/04 20.25.26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/02/14 10.41.04 | 000,000,000 | ---D | M] (myFireFox) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}(2)
[2009/03/04 20.25.20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/10 11.48.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\firefox@facebook(2).com
[2010/01/10 21.04.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\firefox@facebook.com
[2009/03/04 20.25.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\foxyproxy@eric.h.jung
[2010/03/12 20.57.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\personas@christopher.beard
[2009/01/21 20.02.42 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\searchplugins\daemon-search.xml
[2010/03/23 18.11.13 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2009/02/21 08.24.52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/03/10 01.16.44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/03/12 20.54.13 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/03/12 20.54.13 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/03/12 20.54.13 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/03/12 20.54.13 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/03/14 18.55.09 | 000,000,023 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Cobian Backup 9] C:\Programmi\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\Tommaso\Menu Avvio\Programmi\Esecuzione automatica\PandaUSBVaccine.lnk = C:\Programmi\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/09 12.14.32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/30 09.31.56 | 000,000,054 | -H-- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/09 12.03.06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/29 20.39.49 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tommaso\Desktop\OTL.exe
[2010/03/29 01.16.26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/29 01.14.19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/29 01.14.19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/29 01.14.19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/29 01.14.19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/29 01.13.57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/29 01.12.35 | 000,000,000 | ---D | C] -- C:\schrauber
[2010/03/29 01.03.39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/27 14.21.25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tommaso\Recent
[2010/03/27 13.48.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\InstallShield
[2010/03/27 12.44.53 | 000,000,000 | ---D | C] -- C:\Programmi\iPod
[2010/03/27 11.09.04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/27 11.09.02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 11.09.02 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/03/17 22.00.38 | 000,000,000 | ---D | C] -- C:\Programmi\Cobian Backup 9
[2010/03/17 22.00.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Malwarebytes
[2010/01/31 18.14.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2009/05/02 18.47.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Xfire
[2009/04/08 20.18.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Xfire
[2009/03/09 14.10.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
[2009/02/14 12.14.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Google
[2009/02/14 10.41.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
[2008/12/13 12.35.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[2008/12/01 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\McAfee.com Personal Firewall
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/29 20.39.53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommaso\Desktop\OTL.exe
[2010/03/29 20.38.54 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/29 20.38.01 | 000,001,248 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1937012205-1695336993-1386895575-1006UA.job
[2010/03/29 18.01.14 | 058,201,009 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/29 16.38.00 | 000,001,196 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1937012205-1695336993-1386895575-1006Core.job
[2010/03/29 10.36.38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 10.34.55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 10.27.23 | 003,905,501 | R--- | M] () -- C:\Documents and Settings\Tommaso\Desktop\schrauber.exe
[2010/03/29 09.52.03 | 000,044,267 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/29 09.51.48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 09.51.46 | 1541,918,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 01.19.24 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Tommaso\ntuser.dat
[2010/03/29 01.19.24 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Tommaso\ntuser.ini
[2010/03/29 01.16.36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/29 01.12.50 | 002,110,646 | -H-- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/28 19.09.00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/28 19.08.49 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/27 15.42.23 | 000,090,560 | ---- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/03/27 12.42.35 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\Google Chrome.lnk
[2010/03/27 12.35.09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/27 11.09.06 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/22 23.31.15 | 000,013,378 | -HS- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\68bqk
[2010/03/19 22.06.01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/17 22.23.10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\dds.scr
[2010/03/16 19.47.41 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/29 01.16.35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/29 01.16.32 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010/03/29 01.14.19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/29 01.14.19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/29 01.14.19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/29 01.14.19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/29 01.14.19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/29 01.05.55 | 003,905,501 | R--- | C] () -- C:\Documents and Settings\Tommaso\Desktop\schrauber.exe
[2010/03/27 12.45.46 | 000,002,121 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/27 12.13.40 | 1541,918,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/27 11.09.06 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 22.23.07 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Tommaso\Desktop\dds.scr
[2010/03/13 18.14.59 | 000,013,378 | -HS- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\68bqk
[2010/02/24 14.11.08 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/02/19 20.43.28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/02/19 20.43.28 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/08/03 21.43.59 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2009/08/03 13.41.37 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2009/08/03 13.41.37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/16 17.58.28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dati applicazioni\$_hpcst$.hpc
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info4.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info10.ini
[2009/06/12 12.40.51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLdu.DAT
[2009/06/12 12.40.51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\Action
[2009/03/20 00.17.14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/03/16 23.50.04 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\dvd.bmk
[2009/03/10 11.02.42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\$_hpcst$.hpc
[2009/03/08 12.20.53 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2009/03/04 16.38.08 | 000,000,824 | ---- | C] () -- C:\WINDOWS\System32\PCProxy.ini
[2009/03/04 16.29.05 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2009/01/29 00.02.09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/28 18.33.52 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/01/04 18.55.15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2009/01/04 18.55.11 | 000,005,810 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009/01/02 16.04.40 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/31 18.04.42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/12/28 22.39.42 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/28 22.39.41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/28 22.39.40 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/28 22.39.40 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/28 22.39.38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/28 22.39.38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/02 14.14.06 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 17.40.11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2006/10/16 13.03.28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/16 12.55.32 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/10/16 12.52.52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/16 12.49.56 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/10/16 12.49.38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/10/16 12.48.02 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/10/16 12.30.26 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/10/16 12.30.08 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/16 12.30.08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/16 12.30.08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/16 12.30.06 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/16 12.30.06 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/16 12.30.06 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/16 12.30.06 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/16 12.29.56 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09.56.34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/26 03.05.50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbzlib.dll
[2005/04/26 03.05.50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbaZlib.dll
[2004/09/09 12.11.40 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/10 19.55.38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2002/12/31 22.07.52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\laserjet

========== LOP Check ==========

[2009/02/16 20.13.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Acoustica
[2010/02/24 20.28.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG Security Toolbar
[2010/03/29 01.11.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2008/12/01 21.41.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
[2010/01/20 16.27.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Befree4iPhone
[2010/03/27 13.35.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
[2002/12/31 22.00.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Chat Republic Games
[2008/12/15 22.32.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EmailNotifier
[2009/06/12 12.40.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EnterNHelp
[2009/01/01 21.22.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
[2010/02/19 20.43.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\LGMOBILEAX
[2008/12/15 22.32.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Megaupload
[2009/05/05 20.55.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
[2010/03/14 19.04.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Panda Security
[2009/07/11 10.02.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
[2009/03/19 14.47.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
[2009/01/24 01.12.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Screaming Bee
[2008/12/09 18.07.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SingleClick Systems
[2002/12/31 21.54.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SpeedBit
[2002/12/31 21.54.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2009/06/16 14.17.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Tommaso
[2009/06/12 12.40.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Ultima_T15
[2009/03/13 16.42.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\WinZip
[2009/03/14 12.26.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/01/16 12.51.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/02 17.22.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/16 20.31.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Acoustica
[2010/01/31 19.10.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\AVG9
[2009/03/19 19.39.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\avidemux
[2008/12/01 22.41.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Azureus
[2008/12/29 18.50.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Binary Fortress Software
[2010/03/13 18.28.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Charles
[2010/01/10 11.46.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\DNA
[2008/12/15 22.32.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\EmailNotifier
[2008/12/01 21.47.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\eMule AdunanzA
[2009/03/19 23.03.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\GetRightToGo
[2008/12/17 11.06.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\ImgBurn
[2010/03/03 22.08.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Leadertech
[2010/02/19 22.25.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\LG Electronics
[2009/01/21 20.33.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\LimeWire
[2008/12/15 22.33.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Megaupload
[2009/03/04 19.52.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\MegauploadToolbar
[2009/06/12 12.53.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Nikon
[2009/07/14 17.52.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Nokia
[2009/02/27 15.17.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\OpenOffice.org
[2009/09/23 12.46.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Orbit
[2009/01/10 01.18.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\PC Suite
[2009/03/19 23.46.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Publish Providers
[2009/01/24 01.12.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Screaming Bee
[2009/03/19 22.57.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Sony
[2009/06/16 14.17.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\SyncCell
[2009/01/24 00.24.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\uTorrent
[2009/03/05 18.55.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Windows Search
[2009/05/25 16.04.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\wsInspector
[2009/01/24 11.41.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\ZipGenius

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/19 13.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/19 13.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/10 17.00.04 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/10 17.00.04 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00.07.42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00.07.42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/19 13.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/19 13.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/10 17.00.04 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/10 17.00.04 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/19 13.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\i386\eventlog.dll
[2004/08/19 13.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/19 13.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\i386\netlogon.dll
[2004/08/19 13.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2004/08/19 13.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\i386\scecli.dll
[2004/08/19 13.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:BEB71B81
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A9662AE0
< End of report >


EXTRAS.txt
OTL Extras logfile created on: 29/03/2010 20.41.52 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Tommaso\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 108,58 Gb Total Space | 16,16 Gb Free Space | 14,88% Space Free | Partition Type: NTFS
Drive D: | 37,24 Gb Total Space | 30,89 Gb Free Space | 82,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149,01 Gb Total Space | 41,07 Gb Free Space | 27,56% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM
Current User Name: Tommaso
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programmi\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programmi\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe" = C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe" = C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe" = C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe" = C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\Dell Network Assistant\ezi_hnm2.exe" = C:\Programmi\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE" = C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe" = C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe" = C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe" = C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\iTunes\iTunes.exe" = C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programmi\AVG\AVG9\avgupd.exe" = C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgnsx.exe" = C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}" = WarRock
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG PC Suite
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59EC5F32-D8D7-3909-B0CB-255AD09F5993}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62D5B0B1-9E1D-4d66-A593-D68F3FED7709}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Parser MSXML 4.0 SP2 e SDK
"{71CB2612-627C-3D58-8D82-B77444B27B6A}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{814667BC-61D8-4F84-BE2E-539A11F6EAB3}" = LG PC Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9311A75A-D83D-37B5-8D49-88E7F5AB2762}" = Microsoft .NET Framework 3.5 Language Pack - ita
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{958E2B23-6146-4A21-9532-9F59049E9B35}" = Motorola Phone Tools
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1040-7B44-A81300000003}" = Adobe Reader 8.1.3 - Italiano
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCCB055C-7F64-4B13-90F5-078DE693EE00}" = OGA Notifier 1.7.0105.35.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Pacchetto driver Windows - Nokia Modem (10/12/2007 3.6)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Pacchetto driver Windows - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"8089B79E-5E25-4872-8AC9-058E5F5599EC_is1" = iTunes Sync 1.5.1
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"Charles_XK72" = Charles
"CobBackup9" = Cobian Backup 9
"Creative Audio Pack" = Pacchetto audio Creative
"Creative Jukebox Driver" = Creative Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"eMule AdunanzA" = AdunanzA
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - ita" = Microsoft .NET Framework 3.5 - Language Pack (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SearchAssist" = SearchAssist
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Registrazione del prodotto
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Update Remover" = Windows Update Remover
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WMFDist11" = Windows Media Format 11 runtime
"WUDF01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter Standard" = Xilisoft Video Converter Standard
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/03/2010 15.10.52 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 17/03/2010 16.09.30 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 17/03/2010 16.31.21 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 17/03/2010 16.32.29 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 17/03/2010 16.32.29 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 17/03/2010 16.53.25 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 17/03/2010 16.55.17 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 23/03/2010 18.01.16 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 26/03/2010 18.05.32 | Computer Name = TOM | Source = EventSystem | ID = 4609
Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
non valido durante l'elaborazione interna. Valore HRESULT 8007043C nella riga 44
di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
al Servizio Supporto Tecnico Clienti Microsof

Error - 29/03/2010 4.52.15 | Computer Name = TOM | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore warrock.exe, versione 0.0.0.0,
modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.

[ OSession Events ]
Error - 19/05/2009 18.52.07 | Computer Name = TOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 512
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/01/2010 17.38.21 | Computer Name = TOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16912
seconds with 120 seconds of active time. This session ended with a crash.

Error - 01/02/2010 13.03.29 | Computer Name = TOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/02/2010 18.50.16 | Computer Name = TOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9800
seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27/03/2010 10.01.34 | Computer Name = TOM | Source = DCOM | ID = 10010
Description = Il server {DC0C2640-1415-4644-875C-6F4D769839BA} non si registrato
con DCOM entro il tempo d'attesa richiesto.

Error - 27/03/2010 10.02.09 | Computer Name = TOM | Source = DCOM | ID = 10010
Description = Il server {DC0C2640-1415-4644-875C-6F4D769839BA} non si registrato
con DCOM entro il tempo d'attesa richiesto.

Error - 27/03/2010 10.02.45 | Computer Name = TOM | Source = DCOM | ID = 10010
Description = Il server {DC0C2640-1415-4644-875C-6F4D769839BA} non si registrato
con DCOM entro il tempo d'attesa richiesto.

Error - 27/03/2010 10.03.20 | Computer Name = TOM | Source = DCOM | ID = 10010
Description = Il server {DC0C2640-1415-4644-875C-6F4D769839BA} non si registrato
con DCOM entro il tempo d'attesa richiesto.

Error - 27/03/2010 10.06.44 | Computer Name = TOM | Source = DCOM | ID = 10010
Description = Il server {DC0C2640-1415-4644-875C-6F4D769839BA} non si registrato
con DCOM entro il tempo d'attesa richiesto.

Error - 27/03/2010 11.48.53 | Computer Name = TOM | Source = Service Control Manager | ID = 7000
Description = Il servizio EagleNT non stato avviato per il seguente errore: %%2

Error - 28/03/2010 19.09.40 | Computer Name = TOM | Source = Service Control Manager | ID = 7031
Description = Il servizio AVG Free WatchDog terminato in modo imprevisto. Questo
problema si verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite
tra 0 millisecondi: Riavvia il servizio.

Error - 29/03/2010 4.28.35 | Computer Name = TOM | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Creative Labs Licensing Service.
Questo evento si gi verificato 1 volta(e).

Error - 29/03/2010 6.31.25 | Computer Name = TOM | Source = DCOM | ID = 10010
Description = Il server {DC0C2640-1415-4644-875C-6F4D769839BA} non si registrato
con DCOM entro il tempo d'attesa richiesto.

Error - 29/03/2010 10.53.21 | Computer Name = TOM | Source = DCOM | ID = 10010
Description = Il server {DC0C2640-1415-4644-875C-6F4D769839BA} non si registrato
con DCOM entro il tempo d'attesa richiesto.


< End of report >

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:06 AM

Posted 29 March 2010 - 02:13 PM

Hi,


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Emule). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."






Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    FF - prefs.js..network.proxy.autoconfig_url: "12.175.230.55:80 12.238.152.231:80 12.9.25.229:80 128.10.19.52:3128 128.112.139.108:3128 128.112.139.97:3124 128.112.139.97:3128 128.114.63.15:3127 128.114.63.15:3124 128.114.63.15:3128 128.119.247.211:3127 128.121.14.115:80 128.122.149.60:80 128.130.52.41:80 128.193.33.8:3124 128.195.25.100:3124 128.208.4.197:3128 128.208.4.199:3128 128.220.231.2:3128 128.220.247.28:3124 128.252.19.20:3127 128.31.1.11:3128 128.31.1.12:3124 128.31.1.15:3124 128.6.192.158:3127 129.108.202.10:3124 129.108.202.10:3128 129.108.202.10:3127 129.12.3.75:3127 129.12.3.75:3124 129.170.214.191:3124 129.170.214.191:3127 129.170.214.191:3128 129.170.214.192:3128 129.170.214.192:3127 129.22.150.105:3128 129.24.17.70:3128 129.242.19.197:3128 129.242.19.197:3124 129.74.152.66:3127 129.88.32.24:80 129.97.75.238:3128 130.149.49.26:3127 130.158.136.97:80 130.227.200.43:80 130.245.145.151:3127 130.245.145.151:3128 130.49.221.41:3124 130.73.108.44:80 130.88.203.26:3124 130.88.203.26:3128 130.92.70.251:3127 131.179.112.71:3128 131.179.112.71:3124 131.188.44.100:3127 131.188.44.100:3128 133.11.240.56:3128 133.11.240.57:3124 133.11.240.57:3127 136.145.244.20:80 138.100.12.148:3124 138.251.214.18:3127 138.26.144.52:80 139.182.137.141:3124 139.19.142.2:3124 139.19.142.5:3124 140.109.17.181:3127 140.125.241.8:3128 141.12.12.72:80 141.149.218.209:3127 141.213.4.201:3128 141.213.4.201:3127 141.213.4.202:3128 141.217.48.51:3124 141.225.252.85:8080 141.24.249.130:3127 141.24.33.161:3128 141.41.1.132:80 142.103.2.1:3128 142.103.2.1:3127 142.103.2.1:3124 142.150.3.246:3128 142.179.111.232:80 142.25.162.4:80 144.135.40.71:80 147.102.3.101:3127 147.102.3.102:3124 147.102.3.102:3127 147.102.3.102:3128 150.176.182.32:80 150.65.32.66:3128 155.212.198.198:80 155.97.155.182:80 156.17.10.51:3124 156.56.103.61:3128 156.56.103.61:3124 159.61.240.137:80 159.61.240.141:80 159.71.254.248:80 160.36.57.172:3127 161.58.238.187:80 163.221.11.73:3124 163.24.90.117:80 
163.24.94.117:80 164.107.127.13:3128 164.107.127.13:3127 168.120.16.11:80 169.229.50.11:3128 169.229.50.11:3124 169.229.50.15:3128 169.229.50.17:3127 17.112.169.103:80 192.17.239.251:3128 192.33.210.16:3128 192.33.210.17:3128 192.41.135.218:3128 192.41.135.219:3127 192.85.16.38:80 193.108.252.170:80 193.114.117.72:80 193.136.191.26:3127 193.136.191.26:3128 193.136.191.26:3124 193.136.24.104:80 193.170.198.154:80 193.171.252.19:80 193.178.234.247:80 193.179.186.4:80 193.226.25.120:80 193.55.130.132:80 193.93.20.146:80 193.95.82.205:80 194.170.41.120:80 194.224.199.151:80 194.27.49.155:80 194.27.49.157:80 194.29.178.6:3124 194.51.107.39:80 194.51.93.146:80 194.80.38.242:3127 194.87.13.162:80 194.95.94.40:80 195.113.161.82:3124 195.113.161.83:3124 195.113.161.83:3128 195.116.60.2:3124 195.116.60.49:3128 195.116.60.82:3128 195.116.60.82:3124 195.116.60.83:3128 195.116.60.83:3124 195.144.75.18:80 195.159.34.164:80 195.221.67.47:80 195.37.16.101:3127 195.49.188.226:80 195.5.255.194:80 195.6.57.6:80 195.70.32.214:80 195.76.0.236:80 198.163.152.230:3127 199.250.30.38:80 199.3.20.235:8080 199.6.40.234:80 199.72.161.142:80 200.10.148.13:80 200.129.0.162:3124 200.129.0.162:3127 200.129.0.162:3128 200.132.0.70:3127 200.132.0.70:3128 200.14.231.220:80 200.160.128.28:80 200.160.20.206:80 200.171.13.9:6588 200.176.3.140:80 200.178.17.162:80 200.189.96.250:80 200.19.159.35:3127 200.194.232.4:80 200.199.20.194:80 200.21.21.94:80 200.210.106.4:80 200.234.200.51:80 200.241.164.67:80 200.251.234.154:80 200.252.230.202:80 200.27.193.234:80 200.27.68.139:80 200.3.153.40:80 200.33.116.29:80 200.33.194.120:80 200.36.161.148:80 200.40.97.71:80 200.41.80.142:80 200.52.142.245:80 200.57.130.22:80 200.57.87.66:80 200.69.231.181:80 200.72.133.114:80 200.72.31.50:80 200.75.38.202:80 200.76.239.127:80 201.136.159.131:3128 201.17.104.5:6588 201.17.189.194:6588 201.17.232.71:6588 201.17.250.61:6588 201.208.15.101:3128 201.217.17.140:80 201.80.163.142:6588 201.80.167.244:6588 201.80.186.67:8080 
201.80.43.133:6588 201.81.131.31:6588 201.81.24.131:6588 201.83.231.222:6588 202.103.178.162:8080 202.111.154.51:80 202.12.233.189:80 202.131.144.28:80 202.131.196.149:80 202.155.100.96:80 202.157.0.133:8080 202.166.185.37:80 202.172.121.241:80 202.191.34.160:80 202.30.12.138:8080 202.37.96.11:80 202.64.47.104:8080 202.66.92.227:80 202.73.163.249:80 202.85.139.158:80 202.95.238.211:80 202.99.126.3:3128 203.113.130.49:80 203.113.130.59:80 203.131.197.216:80 203.141.48.6:80 203.162.168.154:80 203.162.168.163:80 203.162.89.61:8000 203.172.26.88:80 203.174.78.105:80 203.197.139.70:80 203.200.38.93:80 203.252.5.124:80 203.255.233.21:80 203.255.233.22:80 203.255.233.23:80 203.71.225.10:8080 203.98.58.101:80 204.11.17.143:8080 204.19.14.8:80 204.56.0.137:3127 205.221.221.1:80 205.246.4.21:80 206.104.147.100:80 206.117.37.5:3124 206.12.16.133:3128 206.12.16.133:3124 206.204.191.248:80 206.204.200.84:8080 206.207.248.35:3128 206.3.26.253:80 207.140.211.89:80 207.48.146.35:80 207.58.132.242:80 207.67.240.62:80 207.71.17.171:80 208.44.118.173:80 208.99.202.199:80 209.128.121.140:80 209.131.210.141:80 209.158.180.130:80 209.160.41.31:80 209.193.36.10:80 209.212.93.6:80 209.214.214.32:80 209.239.52.178:80 209.242.10.247:80 209.67.242.197:80 209.68.139.10:80 209.81.13.136:80 210.105.154.18:80 210.145.99.18:444 210.146.119.101:80 210.150.226.1:80 210.161.156.151:80 210.172.146.52:80 210.204.173.14:80 210.229.56.131:80 210.245.0.171:80 210.249.136.141:80 210.90.46.13:80 211.100.4.71:80 211.132.112.152:8080 211.132.7.210:80 211.138.91.30:8080 211.154.220.234:80 211.221.5.131:8080 211.23.213.26:80 211.231.187.4:80 211.234.92.150:80 211.234.92.153:80 211.25.50.156:80 211.34.96.84:80 211.43.206.161:80 211.79.149.111:80 211.90.168.94:80 212.114.209.100:80 212.114.209.98:80 212.117.76.10:80 212.177.17.74:80 212.186.110.32:80 212.244.219.23:80 212.31.45.191:8080 212.35.207.9:80 212.68.215.87:80 212.77.100.89:80 212.8.113.22:80 212.87.231.34:80 213.129.230.147:80 213.156.200.226:80 
213.156.35.190:80 213.172.37.190:80 213.215.167.98:80 213.239.193.166:80 213.30.153.48:80 213.4.114.125:80 216.111.4.3:80 216.13.219.230:80 216.145.244.243:80 216.154.243.212:80 216.165.109.79:3124 216.165.109.82:3127 216.17.30.189:80 216.176.52.38:80 216.229.194.82:80 216.23.180.12:80 216.237.126.170:80 216.54.7.3:80 216.56.4.194:80 216.6.202.27:80 216.73.53.7:80 216.85.59.60:8080 217.10.60.85:80 217.161.40.26:80 217.17.143.43:80 217.18.64.37:80 217.199.172.146:80 217.28.65.46:80 217.64.49.14:80 218.125.90.61:8080 218.202.36.94:8080 218.204.249.28:80 218.246.32.93:80 218.249.51.90:8080 218.26.224.151:80 218.59.175.39:80 219.101.248.131:80 219.141.216.30:8080 220.126.203.223:8080 220.150.233.105:8080 220.181.26.78:80 220.181.28.236:80 220.228.157.20:80 220.248.26.54:80 220.47.32.108:8080 220.90.132.183:8080 221.130.180.5:80 221.132.39.146:80 221.132.39.147:80 221.132.39.149:80 221.47.147.16:8080 222.191.251.51:80 59.106.20.33:80 59.144.0.147:80 61.144.122.45:80 61.151.246.90:80 61.153.254.75:80 61.166.49.150:8118 61.175.135.52:8080 61.19.243.11:80 61.194.6.235:80 61.197.218.177:8080 61.200.98.236:80 61.204.70.34:80 61.208.5.210:444 61.218.82.5:80 61.38.146.13:8080 61.60.106.80:80 61.74.133.55:80 61.74.65.97:80 61.74.65.98:80 62.101.90.3:8080 62.168.176.229:3128 62.193.242.153:80 62.197.127.51:80 62.23.35.21:80 62.37.236.193:80 62.39.107.121:80 63.105.20.193:80 63.118.7.16:80 63.133.146.116:80 63.165.168.40:444 63.193.207.2:80 63.241.242.71:80 63.241.242.72:80 63.241.242.76:80 63.64.185.249:80 63.94.64.81:80 64.105.76.90:80 64.161.10.4:3128 64.237.42.42:80 64.49.218.242:80 64.49.254.16:80 64.5.138.3:8000 64.56.145.53:80 64.71.128.84:80 64.76.51.9:80 64.88.15.10:80 65.119.124.132:80 65.211.241.70:80 65.39.15.80:80 65.57.104.235:80 65.61.134.64:80 66.0.139.139:80 66.0.194.145:80 66.11.129.25:80 66.163.7.180:80 66.219.102.75:80 66.237.47.74:8080 66.246.235.42:80 66.255.109.180:80 66.255.109.181:80 66.255.109.184:80 66.255.182.147:80 66.98.184.21:80 66.98.192.5:80 
67.103.245.35:80 69.15.4.194:80 70.231.97.12:80 70.87.205.187:80 70.87.205.188:80 70.87.205.189:80 70.87.205.190:80 72.35.75.158:80 8.8.36.67:80 8.8.36.69:80 80.109.26.122:80 80.117.159.18:80 80.169.0.66:80 80.191.213.6:80 80.235.127.115:80 80.51.234.54:80 80.69.66.22:80 80.81.35.30:80 81.0.238.43:80 81.112.65.76:80 81.169.177.144:80 81.208.15.24:80 81.223.238.202:80 81.223.238.203:80 81.223.24.98:80 81.252.81.179:3128 81.56.76.224:80 81.63.140.37:3128 81.72.41.151:8080 82.165.40.72:80 82.224.136.109:80 82.99.243.38:3128 83.138.144.208:80 83.246.114.107:80 84.205.33.62:8080 85.214.33.173:80 85.46.232.188:8080 85.91.145.31:3128 89.223.1.69:3128 allegro.pl:80 calcio.iol.it:80 chronos.med.yale.edu:80 creative-capital.org:80 css.anonymizer.com:80 ebox1b.ebox.com:80 host-75.chateaubonneentente.com:80 invis.free.anonymizer.com:801080 mail.knihovna-pardubice.cz:80 ousdmail.ousd.k12.ca.us:80 parems.partech.com:80 repnet.greenops.com:80 stats.bellatlantic.net:80 wghi.net:80 www.c-com.com.tw:80"
    FF - prefs.js..network.proxy.http: "167.206.55.215 "
    FF - prefs.js..network.proxy.type: 1
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" =-
    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.






I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
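The fix in the post above targets three Firefox preferences in prefs.js: `network.proxy.autoconfig_url`, `network.proxy.http` and `network.proxy.type`. The following Python check is an added example, not part of the original post and not OTL's own logic; it reads a prefs.js and reports those settings. The sample file is constructed with documentation addresses, and `network.proxy.http_port` is a Firefox preference that does not appear in the post.

```python
import re

# One preference per line, e.g.: user_pref("network.proxy.type", 1);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.*?)\s*\)\s*;\s*$')
HOSTPORT_RE = re.compile(r'^[A-Za-z0-9.-]+:\d{1,5}$')
URL_RE = re.compile(r'^(?:https?://|file://|data:)', re.IGNORECASE)

# Meaning of network.proxy.type in Firefox.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 3: "direct",
               4: "WPAD auto-detect", 5: "system settings"}


def _decode(raw):
    """Turn the JavaScript literal of a pref into a Python value."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        # Drop backslash escapes such as \" and \\ (enough for proxy prefs).
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = _decode(match.group(2))
    return prefs


def audit_proxy_prefs(prefs):
    """Return (code, detail) findings for the proxy prefs the fix removes."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)
    mode = PROXY_TYPES.get(ptype, "unknown")
    http = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", 0)
    pac = prefs.get("network.proxy.autoconfig_url", "")

    # type 1 means the manual host below receives the browser's HTTP traffic.
    if ptype == 1 and isinstance(http, str) and http.strip():
        findings.append(("manual-http-proxy", f"{http.strip()}:{port}"))
    # A stray space in the host (as in the post's value) is not user-typed style.
    if isinstance(http, str) and http != http.strip():
        findings.append(("whitespace-in-host", repr(http)))

    if isinstance(pac, str) and pac.strip():
        entries = pac.split()
        state = "active" if ptype == 2 else f"inactive while network.proxy.type={ptype} ({mode})"
        if len(entries) > 1:
            # A PAC setting is one URL; a space-separated list is not valid.
            hostports = sum(1 for e in entries if HOSTPORT_RE.match(e))
            findings.append(("pac-not-a-url",
                             f"{len(entries)} whitespace-separated entries, "
                             f"{hostports} look like host:port; {state}"))
        elif not URL_RE.match(entries[0]):
            findings.append(("pac-not-a-url",
                             f"{entries[0]!r} has no http/https/file/data scheme; {state}"))
        elif ptype == 2:
            findings.append(("pac-url-active", entries[0]))
    return findings


# Constructed sample (documentation addresses, not values from the thread).
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.autoconfig_url", "192.0.2.10:80 192.0.2.11:3128 198.51.100.7:8080 proxy.example:80");
user_pref("network.proxy.http", "203.0.113.5 ");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.type", 1);
'''

if __name__ == "__main__":
    for code, detail in audit_proxy_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{code}: {detail}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.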

#10 Az1muth

Az1muth
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:06 AM

Posted 30 March 2010 - 03:08 AM

Thank you very much for reminding me of all the risks and the dangers of using that program (Emule). Appreciated.

Here's the log:

[codebox]All processes killed
========== OTL ==========
Prefs.js: "12.175.230.55:80 12.238.152.231:80 12.9.25.229:80 128.10.19.52:3128 128.112.139.108:3128 128.112.139.97:3124 128.112.139.97:3128 128.114.63.15:3127 128.114.63.15:3124 128.114.63.15:3128 128.119.247.211:3127 128.121.14.115:80 128.122.149.60:80 128.130.52.41:80 128.193.33.8:3124 128.195.25.100:3124 128.208.4.197:3128 128.208.4.199:3128 128.220.231.2:3128 128.220.247.28:3124 128.252.19.20:3127 128.31.1.11:3128 128.31.1.12:3124 128.31.1.15:3124 128.6.192.158:3127 129.108.202.10:3124 129.108.202.10:3128 129.108.202.10:3127 129.12.3.75:3127 129.12.3.75:3124 129.170.214.191:3124 129.170.214.191:3127 129.170.214.191:3128 129.170.214.192:3128 129.170.214.192:3127 129.22.150.105:3128 129.24.17.70:3128 129.242.19.197:3128 129.242.19.197:3124 129.74.152.66:3127 129.88.32.24:80 129.97.75.238:3128 130.149.49.26:3127 130.158.136.97:80 130.227.200.43:80 130.245.145.151:3127 130.245.145.151:3128 130.49.221.41:3124 130.73.108.44:80 130.88.203.26:3124 130.88.203.26:3128 130.92.70.25 removed from network.proxy.autoconfig_url
Error: Unable to interpret <FF - prefs.js..network.proxy.http: "167.206.55.215 "> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.type: 1> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.TOM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 84 bytes

User: Administrator.TOM.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 33794674 bytes
->Flash cache emptied: 705 bytes

User: All Users

User: Default User
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 84 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49219 bytes

User: Proprietario
->Temp folder emptied: 0 bytes

User: Tommaso
->Temp folder emptied: 3709907 bytes
->Temporary Internet Files folder emptied: 4093000 bytes
->Java cache emptied: 930144 bytes
->FireFox cache emptied: 78477185 bytes
->Google Chrome cache emptied: 191331087 bytes
->Flash cache emptied: 6517 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3433285 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 301,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.TOM
->Flash cache emptied: 0 bytes

User: Administrator.TOM.000
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Proprietario

User: Tommaso
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.37.3 log created on 03292010_212448

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/codebox]



[codebox]OTL logfile created on: 29/03/2010 21.37.14 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Tommaso\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 108,58 Gb Total Space | 16,41 Gb Free Space | 15,11% Space Free | Partition Type: NTFS
Drive D: | 37,24 Gb Total Space | 30,89 Gb Free Space | 82,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149,01 Gb Total Space | 40,71 Gb Free Space | 27,32% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM
Current User Name: Tommaso
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tommaso\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programmi\Cobian Backup 9\cbInterface.exe (Luis Cobian)
PRC - C:\Programmi\Cobian Backup 9\Cobian.exe (Luis Cobian)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
PRC - C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tommaso\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (hnmsvc) -- C:\Programmi\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Creative Labs Licensing Service) -- C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (IDriverT) -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (usbaudio) Driver audio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (PAEAFLT.sys) -- C:\WINDOWS\system32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=4061016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=4061016

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.3
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091216W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p="
FF - prefs.js..network.proxy.autoconfig_url: [proxy address list omitted]
FF - prefs.js..network.proxy.http: "167.206.55.215 "
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2009/02/05 19.14.30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/03 21.11.13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmi\AVG\AVG9\Firefox [2010/03/14 18.05.20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/25 16.55.28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/03/14 19.11.24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/03/12 20.54.19 | 000,000,000 | ---D | M]

[2008/12/01 18.34.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Extensions
[2008/12/01 18.34.31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/03/23 18.30.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions
[2002/12/31 21.15.04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/12/31 17.42.35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/10 21.04.05 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/01/10 11.48.02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009/03/04 20.25.14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/04 20.25.26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/02/14 10.41.04 | 000,000,000 | ---D | M] (myFireFox) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}(2)
[2009/03/04 20.25.20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/10 11.48.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\firefox@facebook(2).com
[2010/01/10 21.04.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\firefox@facebook.com
[2009/03/04 20.25.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\foxyproxy@eric.h.jung
[2010/03/12 20.57.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\personas@christopher.beard
[2009/01/21 20.02.42 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\searchplugins\daemon-search.xml
[2010/03/23 18.11.13 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/03/12 20.54.19 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/03 21.33.46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/12/02 19.32.03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/05 19.14.43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/07 09.33.55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/03/12 20.54.02 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/12 20.54.02 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll
[2009/01/16 20.17.04 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\np32dsw.dll
[2009/03/09 05.19.09 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/16 02.12.12 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Programmi\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/03/12 20.54.11 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 21.12.16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/02/21 08.24.52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/10/14 22.33.30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppdf32.dll
[2008/09/10 21.56.44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/09/10 21.37.54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
[2007/03/10 01.16.44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/01/31 18.56.07 | 000,001,353 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/03/12 20.54.13 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/12 20.54.13 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/03/12 20.54.13 | 000,002,371 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml
[2010/03/12 20.54.13 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/03/12 20.54.13 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/03/12 20.54.13 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/03/29 21.25.37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Cobian Backup 9] C:\Programmi\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Programmi\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tommaso\Menu Avvio\Programmi\Esecuzione automatica\PandaUSBVaccine.lnk = C:\Programmi\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/09 12.14.32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/30 09.31.56 | 000,000,054 | -H-- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/29 21.25.37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/29 21.24.48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/29 20.39.49 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tommaso\Desktop\OTL.exe
[2010/03/29 01.16.26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/29 01.14.19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/29 01.14.19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/29 01.14.19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/29 01.14.19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/29 01.13.57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/29 01.12.35 | 000,000,000 | ---D | C] -- C:\schrauber
[2010/03/29 01.03.39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/27 14.21.25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tommaso\Recent
[2010/03/27 13.48.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\InstallShield
[2010/03/27 12.44.53 | 000,000,000 | ---D | C] -- C:\Programmi\iPod
[2010/03/27 11.09.04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/27 11.09.02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 11.09.02 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/03/17 22.00.38 | 000,000,000 | ---D | C] -- C:\Programmi\Cobian Backup 9
[2010/03/17 22.00.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Malwarebytes
[2010/03/14 19.09.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/03/14 19.07.03 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2010/03/14 19.04.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Panda Security
[2010/03/14 19.04.36 | 000,000,000 | ---D | C] -- C:\Programmi\Panda USB Vaccine
[2010/03/14 19.03.35 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Documents and Settings\Tommaso\Desktop\USBVaccineSetup.exe
[2010/03/14 18.48.09 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2010/03/13 18.28.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Charles
[2010/03/13 11.00.47 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/11 19.47.22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/10 10.23.00 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/03 23.28.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Documenti\Matrimonio
[2010/03/03 22.09.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Sonic
[2010/03/03 22.08.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Leadertech
[2010/03/02 19.13.53 | 000,000,000 | ---D | C] -- C:\Programmi\Charles
[2010/01/31 18.14.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2009/05/02 18.47.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Xfire
[2009/04/08 20.18.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Xfire
[2009/03/09 14.10.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
[2009/02/14 12.14.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Google
[2009/02/14 10.41.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
[2008/12/13 12.35.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[2008/12/01 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\McAfee.com Personal Firewall

========== Files - Modified Within 30 Days ==========

[2010/03/29 21.38.00 | 000,001,248 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1937012205-1695336993-1386895575-1006UA.job
[2010/03/29 21.30.05 | 000,044,267 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/29 21.29.27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 21.29.24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 21.29.23 | 1541,918,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 21.28.04 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Tommaso\ntuser.dat
[2010/03/29 21.28.04 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Tommaso\ntuser.ini
[2010/03/29 21.25.37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/03/29 21.25.18 | 000,530,034 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/29 21.25.18 | 000,477,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/29 21.25.18 | 000,102,442 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/29 21.25.18 | 000,085,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/29 21.25.15 | 001,212,052 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/29 20.39.53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommaso\Desktop\OTL.exe
[2010/03/29 20.38.54 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/29 18.01.14 | 058,201,009 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/29 16.38.00 | 000,001,196 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1937012205-1695336993-1386895575-1006Core.job
[2010/03/29 10.34.55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 10.27.23 | 003,905,501 | R--- | M] () -- C:\Documents and Settings\Tommaso\Desktop\schrauber.exe
[2010/03/29 01.16.36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/29 01.12.50 | 002,110,646 | -H-- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/28 19.09.00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/28 19.08.49 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/27 15.42.23 | 000,090,560 | ---- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/03/27 12.42.35 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\Google Chrome.lnk
[2010/03/27 12.35.09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/27 11.09.06 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/22 23.31.15 | 000,013,378 | -HS- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\68bqk
[2010/03/19 22.06.01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/17 22.23.10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\dds.scr
[2010/03/16 19.47.41 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/14 19.04.36 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Tommaso\Menu Avvio\Programmi\Esecuzione automatica\PandaUSBVaccine.lnk
[2010/03/14 19.02.33 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 18.48.09 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\HijackThis.lnk
[2010/03/13 16.19.28 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/03/13 11.00.49 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/13 11.00.47 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/13 11.00.47 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/13 11.00.12 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/12 18.02.38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 16.30.00 | 001,349,146 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\Marco Bressa.jpg

========== Files Created - No Company Name ==========

[2010/03/29 01.16.35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/29 01.16.32 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010/03/29 01.14.19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/29 01.14.19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/29 01.14.19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/29 01.14.19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/29 01.14.19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/29 01.05.55 | 003,905,501 | R--- | C] () -- C:\Documents and Settings\Tommaso\Desktop\schrauber.exe
[2010/03/27 12.45.46 | 000,002,121 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/27 12.13.40 | 1541,918,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/27 11.09.06 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 22.23.07 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Tommaso\Desktop\dds.scr
[2010/03/14 19.04.36 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Tommaso\Menu Avvio\Programmi\Esecuzione automatica\PandaUSBVaccine.lnk
[2010/03/14 18.48.09 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Tommaso\Desktop\HijackThis.lnk
[2010/03/13 18.14.59 | 000,013,378 | -HS- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\68bqk
[2010/03/12 16.29.57 | 001,349,146 | ---- | C] () -- C:\Documents and Settings\Tommaso\Desktop\Marco Bressa.jpg
[2010/02/24 14.11.08 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/02/19 20.43.28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/02/19 20.43.28 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/08/03 21.43.59 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2009/08/03 13.41.37 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2009/08/03 13.41.37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/16 17.58.28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dati applicazioni\$_hpcst$.hpc
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info4.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info10.ini
[2009/06/12 12.40.51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLdu.DAT
[2009/06/12 12.40.51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\Action
[2009/03/20 00.17.14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/03/16 23.50.04 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\dvd.bmk
[2009/03/10 11.02.42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\$_hpcst$.hpc
[2009/03/08 12.20.53 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2009/03/08 11.47.04 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/03/04 16.38.08 | 000,000,824 | ---- | C] () -- C:\WINDOWS\System32\PCProxy.ini
[2009/03/04 16.29.05 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2009/01/29 00.02.09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/28 18.33.52 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/01/04 18.55.15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2009/01/04 18.55.11 | 000,005,810 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009/01/02 16.04.40 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/31 18.04.42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/12/28 22.39.42 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/28 22.39.41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/28 22.39.40 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/28 22.39.40 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/28 22.39.38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/28 22.39.38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/02 14.14.06 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 17.40.11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2006/10/16 13.03.28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/16 12.55.32 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/10/16 12.52.52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/16 12.49.56 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/10/16 12.49.38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/10/16 12.48.02 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/10/16 12.30.26 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/10/16 12.30.08 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/16 12.30.08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/16 12.30.08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/16 12.30.06 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/16 12.30.06 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/16 12.30.06 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/16 12.30.06 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/16 12.29.56 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09.56.34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/26 03.05.50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbzlib.dll
[2005/04/26 03.05.50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbaZlib.dll
[2004/09/09 12.11.40 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/10 19.55.38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2002/12/31 22.07.52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\laserjet

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:BEB71B81
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A9662AE0
< End of report >
[/codebox]

ESET(log.txt):

[codebox]ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=df128805f444164d80328ade87d866a0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-29 11:33:19
# local_time=2010-03-30 01:33:19 (+0100, ora legale Europa occidentale)
# country="Italy"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1310481 1310481 0 0
# compatibility_mode=1024 16777191 100 0 4940806 4940806 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 221 221 0 0
# scanned=145483
# found=1
# cleaned=1
# scan_time=13428
C:\Programmi\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C[/codebox]

ESETSCAN.txt :

[codebox]C:\Programmi\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application deleted - quarantined[/codebox]


#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:06 AM

Posted 31 March 2010 - 01:17 PM

Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following [codebox]:OTL
    FF - prefs.js..network.proxy.autoconfig_url: ""1:3127 131.179.112.71:3128 131.179.112.71:3124 131.188.44.100:3127 131.188.44.100:3128 133.11.240.56:3128 133.11.240.57:3124 133.11.240.57:3127 136.145.244.20:80 138.100.12.148:3124 138.251.214.18:3127 138.26.144.52:80 139.182.137.141:3124 139.19.142.2:3124 139.19.142.5:3124 140.109.17.181:3127 140.125.241.8:3128 141.12.12.72:80 141.149.218.209:3127 141.213.4.201:3128 141.213.4.201:3127 141.213.4.202:3128 141.217.48.51:3124 141.225.252.85:8080 141.24.249.130:3127 141.24.33.161:3128 141.41.1.132:80 142.103.2.1:3128 142.103.2.1:3127 142.103.2.1:3124 142.150.3.246:3128 142.179.111.232:80 142.25.162.4:80 144.135.40.71:80 147.102.3.101:3127 147.102.3.102:3124 147.102.3.102:3127 147.102.3.102:3128 150.176.182.32:80 150.65.32.66:3128 155.212.198.198:80 155.97.155.182:80 156.17.10.51:3124 156.56.103.61:3128 156.56.103.61:3124 159.61.240.137:80 159.61.240.141:80 159.71.254.248:80 160.36.57.172:3127 161.58.238.187:80 163.221.11.73:3124 163.24.90.117:80 163.24.94.117:80 164.107.127.13:3128 164.107.127.13:3127 168.120.16.11:80 169.229.50.11:3128 169.229.50.11:3124 169.229.50.15:3128 169.229.50.17:3127 17.112.169.103:80 192.17.239.251:3128 192.33.210.16:3128 192.33.210.17:3128 192.41.135.218:3128 192.41.135.219:3127 192.85.16.38:80 193.108.252.170:80 193.114.117.72:80 193.136.191.26:3127 193.136.191.26:3128 193.136.191.26:3124 193.136.24.104:80 193.170.198.154:80 193.171.252.19:80 193.178.234.247:80 193.179.186.4:80 193.226.25.120:80 193.55.130.132:80 193.93.20.146:80 193.95.82.205:80 194.170.41.120:80 194.224.199.151:80 194.27.49.155:80 194.27.49.157:80 194.29.178.6:3124 194.51.107.39:80 194.51.93.146:80 194.80.38.242:3127 194.87.13.162:80 194.95.94.40:80 195.113.161.82:3124 195.113.161.83:3124 195.113.161.83:3128 195.116.60.2:3124 195.116.60.49:3128 195.116.60.82:3128 195.116.60.82:3124 195.116.60.83:3128 195.116.60.83:3124 195.144.75.18:80 195.159.34.164:80 195.221.67.47:80 195.37.16.101:3127 195.49.188.226:80 
195.5.255.194:80 195.6.57.6:80 195.70.32.214:80 195.76.0.236:80 198.163.152.230:3127 199.250.30.38:80 199.3.20.235:8080 199.6.40.234:80 199.72.161.142:80 200.10.148.13:80 200.129.0.162:3124 200.129.0.162:3127 200.129.0.162:3128 200.132.0.70:3127 200.132.0.70:3128 200.14.231.220:80 200.160.128.28:80 200.160.20.206:80 200.171.13.9:6588 200.176.3.140:80 200.178.17.162:80 200.189.96.250:80 200.19.159.35:3127 200.194.232.4:80 200.199.20.194:80 200.21.21.94:80 200.210.106.4:80 200.234.200.51:80 200.241.164.67:80 200.251.234.154:80 200.252.230.202:80 200.27.193.234:80 200.27.68.139:80 200.3.153.40:80 200.33.116.29:80 200.33.194.120:80 200.36.161.148:80 200.40.97.71:80 200.41.80.142:80 200.52.142.245:80 200.57.130.22:80 200.57.87.66:80 200.69.231.181:80 200.72.133.114:80 200.72.31.50:80 200.75.38.202:80 200.76.239.127:80 201.136.159.131:3128 201.17.104.5:6588 201.17.189.194:6588 201.17.232.71:6588 201.17.250.61:6588 201.208.15.101:3128 201.217.17.140:80 201.80.163.142:6588 201.80.167.244:6588 201.80.186.67:8080 201.80.43.133:6588 201.81.131.31:6588 201.81.24.131:6588 201.83.231.222:6588 202.103.178.162:8080 202.111.154.51:80 202.12.233.189:80 202.131.144.28:80 202.131.196.149:80 202.155.100.96:80 202.157.0.133:8080 202.166.185.37:80 202.172.121.241:80 202.191.34.160:80 202.30.12.138:8080 202.37.96.11:80 202.64.47.104:8080 202.66.92.227:80 202.73.163.249:80 202.85.139.158:80 202.95.238.211:80 202.99.126.3:3128 203.113.130.49:80 203.113.130.59:80 203.131.197.216:80 203.141.48.6:80 203.162.168.154:80 203.162.168.163:80 203.162.89.61:8000 203.172.26.88:80 203.174.78.105:80 203.197.139.70:80 203.200.38.93:80 203.252.5.124:80 203.255.233.21:80 203.255.233.22:80 203.255.233.23:80 203.71.225.10:8080 203.98.58.101:80 204.11.17.143:8080 204.19.14.8:80 204.56.0.137:3127 205.221.221.1:80 205.246.4.21:80 206.104.147.100:80 206.117.37.5:3124 206.12.16.133:3128 206.12.16.133:3124 206.204.191.248:80 206.204.200.84:8080 206.207.248.35:3128 206.3.26.253:80 207.140.211.89:80 207.48.146.35:80 
207.58.132.242:80 207.67.240.62:80 207.71.17.171:80 208.44.118.173:80 208.99.202.199:80 209.128.121.140:80 209.131.210.141:80 209.158.180.130:80 209.160.41.31:80 209.193.36.10:80 209.212.93.6:80 209.214.214.32:80 209.239.52.178:80 209.242.10.247:80 209.67.242.197:80 209.68.139.10:80 209.81.13.136:80 210.105.154.18:80 210.145.99.18:444 210.146.119.101:80 210.150.226.1:80 210.161.156.151:80 210.172.146.52:80 210.204.173.14:80 210.229.56.131:80 210.245.0.171:80 210.249.136.141:80 210.90.46.13:80 211.100.4.71:80 211.132.112.152:8080 211.132.7.210:80 211.138.91.30:8080 211.154.220.234:80 211.221.5.131:8080 211.23.213.26:80 211.231.187.4:80 211.234.92.150:80 211.234.92.153:80 211.25.50.156:80 211.34.96.84:80 211.43.206.161:80 211.79.149.111:80 211.90.168.94:80 212.114.209.100:80 212.114.209.98:80 212.117.76.10:80 212.177.17.74:80 212.186.110.32:80 212.244.219.23:80 212.31.45.191:8080 212.35.207.9:80 212.68.215.87:80 212.77.100.89:80 212.8.113.22:80 212.87.231.34:80 213.129.230.147:80 213.156.200.226:80 213.156.35.190:80 213.172.37.190:80 213.215.167.98:80 213.239.193.166:80 213.30.153.48:80 213.4.114.125:80 216.111.4.3:80 216.13.219.230:80 216.145.244.243:80 216.154.243.212:80 216.165.109.79:3124 216.165.109.82:3127 216.17.30.189:80 216.176.52.38:80 216.229.194.82:80 216.23.180.12:80 216.237.126.170:80 216.54.7.3:80 216.56.4.194:80 216.6.202.27:80 216.73.53.7:80 216.85.59.60:8080 217.10.60.85:80 217.161.40.26:80 217.17.143.43:80 217.18.64.37:80 217.199.172.146:80 217.28.65.46:80 217.64.49.14:80 218.125.90.61:8080 218.202.36.94:8080 218.204.249.28:80 218.246.32.93:80 218.249.51.90:8080 218.26.224.151:80 218.59.175.39:80 219.101.248.131:80 219.141.216.30:8080 220.126.203.223:8080 220.150.233.105:8080 220.181.26.78:80 220.181.28.236:80 220.228.157.20:80 220.248.26.54:80 220.47.32.108:8080 220.90.132.183:8080 221.130.180.5:80 221.132.39.146:80 221.132.39.147:80 221.132.39.149:80 221.47.147.16:8080 222.191.251.51:80 59.106.20.33:80 59.144.0.147:80 61.144.122.45:80 
61.151.246.90:80 61.153.254.75:80 61.166.49.150:8118 61.175.135.52:8080 61.19.243.11:80 61.194.6.235:80 61.197.218.177:8080 61.200.98.236:80 61.204.70.34:80 61.208.5.210:444 61.218.82.5:80 61.38.146.13:8080 61.60.106.80:80 61.74.133.55:80 61.74.65.97:80 61.74.65.98:80 62.101.90.3:8080 62.168.176.229:3128 62.193.242.153:80 62.197.127.51:80 62.23.35.21:80 62.37.236.193:80 62.39.107.121:80 63.105.20.193:80 63.118.7.16:80 63.133.146.116:80 63.165.168.40:444 63.193.207.2:80 63.241.242.71:80 63.241.242.72:80 63.241.242.76:80 63.64.185.249:80 63.94.64.81:80 64.105.76.90:80 64.161.10.4:3128 64.237.42.42:80 64.49.218.242:80 64.49.254.16:80 64.5.138.3:8000 64.56.145.53:80 64.71.128.84:80 64.76.51.9:80 64.88.15.10:80 65.119.124.132:80 65.211.241.70:80 65.39.15.80:80 65.57.104.235:80 65.61.134.64:80 66.0.139.139:80 66.0.194.145:80 66.11.129.25:80 66.163.7.180:80 66.219.102.75:80 66.237.47.74:8080 66.246.235.42:80 66.255.109.180:80 66.255.109.181:80 66.255.109.184:80 66.255.182.147:80 66.98.184.21:80 66.98.192.5:80 67.103.245.35:80 69.15.4.194:80 70.231.97.12:80 70.87.205.187:80 70.87.205.188:80 70.87.205.189:80 70.87.205.190:80 72.35.75.158:80 8.8.36.67:80 8.8.36.69:80 80.109.26.122:80 80.117.159.18:80 80.169.0.66:80 80.191.213.6:80 80.235.127.115:80 80.51.234.54:80 80.69.66.22:80 80.81.35.30:80 81.0.238.43:80 81.112.65.76:80 81.169.177.144:80 81.208.15.24:80 81.223.238.202:80 81.223.238.203:80 81.223.24.98:80 81.252.81.179:3128 81.56.76.224:80 81.63.140.37:3128 81.72.41.151:8080 82.165.40.72:80 82.224.136.109:80 82.99.243.38:3128 83.138.144.208:80 83.246.114.107:80 84.205.33.62:8080 85.214.33.173:80 85.46.232.188:8080 85.91.145.31:3128 89.223.1.69:3128 allegro.pl:80 calcio.iol.it:80 chronos.med.yale.edu:80 creative-capital.org:80 css.anonymizer.com:80 ebox1b.ebox.com:80 host-75.chateaubonneentente.com:80 invis.free.anonymizer.com:801080 mail.knihovna-pardubice.cz:80 ousdmail.ousd.k12.ca.us:80 parems.partech.com:80 repnet.greenops.com:80 stats.bellatlantic.net:80 wghi.net:80 
www.c-com.com.tw:80"
    FF - prefs.js..network.proxy.http: "167.206.55.215 "
    FF - prefs.js..network.proxy.type: 1[/codebox]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Edited by schrauber, 31 March 2010 - 01:18 PM.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#12 Az1muth

Az1muth
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:06 AM

Posted 31 March 2010 - 01:36 PM

FIX :

Spoiler


OTL.TXT :

Spoiler



#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:06 AM

Posted 31 March 2010 - 02:21 PM

Ehm, nice logfile :D


regards,
schrauber


#14 Az1muth

Az1muth
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:06 AM

Posted 31 March 2010 - 02:25 PM

FIX :

========== OTL ==========
Prefs.js: ""1:3127 131.179.112.71:3128 131.179.112.71:3124 131.188.44.100:3127 131.188.44.100:3128 133.11.240.56:3128 133.11.240.57:3124 133.11.240.57:3127 136.145.244.20:80 138.100.12.148:3124 138.251.214.18:3127 138.26.144.52:80 139.182.137.141:3124 139.19.142.2:3124 139.19.142.5:3124 140.109.17.181:3127 140.125.241.8:3128 141.12.12.72:80 141.149.218.209:3127 141.213.4.201:3128 141.213.4.201:3127 141.213.4.202:3128 141.217.48.51:3124 141.225.252.85:8080 141.24.249.130:3127 141.24.33.161:3128 141.41.1.132:80 142.103.2.1:3128 142.103.2.1:3127 142.103.2.1:3124 142.150.3.246:3128 142.179.111.232:80 142.25.162.4:80 144.135.40.71:80 147.102.3.101:3127 147.102.3.102:3124 147.102.3.102:3127 147.102.3.102:3128 150.176.182.32:80 150.65.32.66:3128 155.212.198.198:80 155.97.155.182:80 156.17.10.51:3124 156.56.103.61:3128 156.56.103.61:3124 159.61.240.137:80 159.61.240.141:80 159.71.254.248:80 160.36.57.172:3127 161.58.238.187:80 163.221.11.73:3124 163.24.90.117:80 163.24.94.117:80 164 removed from network.proxy.autoconfig_url
Prefs.js: "167.206.55.215 " removed from network.proxy.http
Prefs.js: 1 removed from network.proxy.type

OTL by OldTimer - Version 3.1.37.3 log created on 03312010_201920


OTL.TXT :

OTL logfile created on: 31/03/2010 20.23.07 - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Tommaso\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 108,58 Gb Total Space | 3,54 Gb Free Space | 3,26% Space Free | Partition Type: NTFS
Drive D: | 37,24 Gb Total Space | 30,89 Gb Free Space | 82,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM
Current User Name: Tommaso
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tommaso\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programmi\Cobian Backup 9\cbInterface.exe (Luis Cobian)
PRC - C:\Programmi\Cobian Backup 9\Cobian.exe (Luis Cobian)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
PRC - C:\Programmi\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tommaso\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - C:\Programmi\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Programmi\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (hnmsvc) -- C:\Programmi\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Creative Labs Licensing Service) -- C:\Programmi\File comuni\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (IDriverT) -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (usbaudio) Driver audio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows Server 2003 DDK provider)
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (PAEAFLT.sys) -- C:\WINDOWS\system32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=4061016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=4061016

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.3
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091216W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.2
FF - prefs.js..keyword.URL: "http://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2009/02/05 19.14.30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/03 21.11.13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmi\AVG\AVG9\Firefox [2010/03/14 18.05.20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/25 16.55.28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/03/30 15.40.54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/03/30 15.40.54 | 000,000,000 | ---D | M]

[2008/12/01 18.34.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Extensions
[2008/12/01 18.34.31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/03/30 10.58.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions
[2002/12/31 21.15.04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/12/31 17.42.35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/10 21.04.05 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/01/10 11.48.02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009/03/04 20.25.14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/04 20.25.26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/02/14 10.41.04 | 000,000,000 | ---D | M] (myFireFox) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}(2)
[2009/03/04 20.25.20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/10 11.48.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\firefox@facebook(2).com
[2010/01/10 21.04.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\firefox@facebook.com
[2009/03/04 20.25.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\foxyproxy@eric.h.jung
[2010/03/12 20.57.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\extensions\personas@christopher.beard
[2009/01/21 20.02.42 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\Mozilla\Firefox\Profiles\vn32btgp.default\searchplugins\daemon-search.xml
[2010/03/30 10.58.51 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/03/30 15.40.54 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/03 21.33.46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/12/02 19.32.03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/05 19.14.43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/07 09.33.55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/03/30 15.40.49 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/30 15.40.49 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll
[2009/01/16 20.17.04 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\np32dsw.dll
[2009/03/09 05.19.09 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/16 02.12.12 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Programmi\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/03/30 15.40.50 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 21.12.16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/02/21 08.24.52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/10/14 22.33.30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppdf32.dll
[2008/09/10 21.56.44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/16 12.49.14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/09/10 21.37.54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
[2007/03/10 01.16.44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/01/31 18.56.07 | 000,001,353 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/03/12 20.54.13 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/12 20.54.13 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/03/12 20.54.13 | 000,002,371 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml
[2010/03/12 20.54.13 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/03/12 20.54.13 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/03/12 20.54.13 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/03/29 21.25.37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Cobian Backup 9] C:\Programmi\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programmi\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Programmi\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tommaso\Menu Avvio\Programmi\Esecuzione automatica\PandaUSBVaccine.lnk = C:\Programmi\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/09 12.14.32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/30 10.57.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Xfire
[2010/03/30 10.57.18 | 000,000,000 | ---D | C] -- C:\Programmi\Xfire
[2010/03/29 21.45.49 | 000,000,000 | ---D | C] -- C:\Programmi\ESET
[2010/03/29 21.25.37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/29 21.24.48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/29 20.39.49 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tommaso\Desktop\OTL.exe
[2010/03/29 01.16.26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/29 01.14.19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/29 01.14.19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/29 01.14.19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/29 01.14.19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/29 01.13.57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/29 01.12.35 | 000,000,000 | ---D | C] -- C:\schrauber
[2010/03/29 01.03.39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/27 14.21.25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tommaso\Recent
[2010/03/27 13.48.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\InstallShield
[2010/03/27 12.44.53 | 000,000,000 | ---D | C] -- C:\Programmi\iPod
[2010/03/27 11.09.04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/27 11.09.02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 11.09.02 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/03/17 22.00.38 | 000,000,000 | ---D | C] -- C:\Programmi\Cobian Backup 9
[2010/03/17 22.00.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Malwarebytes
[2010/03/14 19.09.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/03/14 19.07.03 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2010/03/14 19.04.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Panda Security
[2010/03/14 19.04.36 | 000,000,000 | ---D | C] -- C:\Programmi\Panda USB Vaccine
[2010/03/14 19.03.35 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Documents and Settings\Tommaso\Desktop\USBVaccineSetup.exe
[2010/03/14 18.48.09 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2010/03/13 18.28.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Charles
[2010/03/13 11.00.47 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/11 19.47.22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/10 10.23.00 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/03 23.28.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Documenti\Matrimonio
[2010/03/03 22.09.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Sonic
[2010/03/03 22.08.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommaso\Dati applicazioni\Leadertech
[2010/03/02 19.13.53 | 000,000,000 | ---D | C] -- C:\Programmi\Charles
[2010/01/31 18.14.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/01/31 18.14.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2009/05/02 18.47.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Xfire
[2009/04/08 20.18.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Xfire
[2009/03/09 14.10.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
[2009/02/14 12.14.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Google
[2009/02/14 10.41.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
[2008/12/13 12.35.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[2008/12/01 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\McAfee.com Personal Firewall

========== Files - Modified Within 30 Days ==========

[2010/03/31 19.38.00 | 000,001,248 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1937012205-1695336993-1386895575-1006UA.job
[2010/03/31 18.28.58 | 058,313,297 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/31 16.38.00 | 000,001,196 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1937012205-1695336993-1386895575-1006Core.job
[2010/03/31 14.21.08 | 000,044,267 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/31 14.21.03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 14.21.01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/31 14.20.59 | 1541,918,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/31 12.47.48 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Tommaso\ntuser.dat
[2010/03/31 12.47.48 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Tommaso\ntuser.ini
[2010/03/31 12.47.30 | 002,640,142 | -H-- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/31 09.50.39 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/03/30 09.58.56 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/29 21.25.37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/03/29 21.25.18 | 000,530,034 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/29 21.25.18 | 000,477,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/29 21.25.18 | 000,102,442 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/29 21.25.18 | 000,085,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/29 21.25.15 | 001,212,052 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/29 20.39.53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tommaso\Desktop\OTL.exe
[2010/03/29 10.34.55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 10.27.23 | 003,905,501 | R--- | M] () -- C:\Documents and Settings\Tommaso\Desktop\schrauber.exe
[2010/03/29 01.16.36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/28 19.09.00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/28 19.08.49 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/27 15.42.23 | 000,090,560 | ---- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/03/27 12.42.35 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\Google Chrome.lnk
[2010/03/27 12.35.09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/27 11.09.06 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/26 21.04.54 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/03/22 23.31.15 | 000,013,378 | -HS- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\68bqk
[2010/03/19 22.06.01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/17 22.23.10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\dds.scr
[2010/03/16 19.47.41 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/14 19.04.36 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Tommaso\Menu Avvio\Programmi\Esecuzione automatica\PandaUSBVaccine.lnk
[2010/03/14 19.02.33 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 18.48.09 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\HijackThis.lnk
[2010/03/13 16.19.28 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/03/13 11.00.49 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/13 11.00.47 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/13 11.00.47 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/13 11.00.12 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/12 18.02.38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 16.30.00 | 001,349,146 | ---- | M] () -- C:\Documents and Settings\Tommaso\Desktop\Marco Bressa.jpg
[2010/03/11 14.30.09 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 14.30.09 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 14.30.08 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 14.30.08 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 14.30.08 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 14.30.08 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 14.30.08 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 14.30.08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 14.30.08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 14.30.08 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 14.30.08 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 14.30.08 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 14.30.07 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 14.30.07 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 14.30.06 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 14.30.06 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 14.30.06 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 14.30.06 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 14.30.05 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 14.30.05 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 14.30.05 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 14.30.05 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 14.30.05 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 14.30.05 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 14.30.05 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 14.30.05 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 14.30.05 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 14.30.04 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 14.30.03 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 14.30.03 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 14.30.03 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 14.30.03 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 14.30.03 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 14.30.03 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 14.30.03 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 14.30.03 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 14.30.03 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 14.30.03 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 14.30.03 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 14.30.02 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 14.30.02 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 14.30.02 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 14.30.02 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 14.30.02 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 14.30.02 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 14.30.02 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 14.30.02 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/10 15.20.21 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/03/10 15.19.54 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/03/10 15.19.54 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/03/10 15.19.54 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/03/10 15.19.54 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe

========== Files Created - No Company Name ==========

[2010/03/31 09.50.39 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/03/29 01.16.35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/29 01.16.32 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010/03/29 01.14.19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/29 01.14.19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/29 01.14.19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/29 01.14.19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/29 01.14.19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/29 01.05.55 | 003,905,501 | R--- | C] () -- C:\Documents and Settings\Tommaso\Desktop\schrauber.exe
[2010/03/27 12.45.46 | 000,002,121 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/27 12.13.40 | 1541,918,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/27 11.09.06 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/26 21.04.54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/03/17 22.23.07 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Tommaso\Desktop\dds.scr
[2010/03/14 19.04.36 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Tommaso\Menu Avvio\Programmi\Esecuzione automatica\PandaUSBVaccine.lnk
[2010/03/14 18.48.09 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Tommaso\Desktop\HijackThis.lnk
[2010/03/13 18.14.59 | 000,013,378 | -HS- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\68bqk
[2010/03/12 16.29.57 | 001,349,146 | ---- | C] () -- C:\Documents and Settings\Tommaso\Desktop\Marco Bressa.jpg
[2010/02/24 14.11.08 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/02/19 20.43.28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/02/19 20.43.28 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/08/03 21.43.59 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2009/08/03 13.41.37 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2009/08/03 13.41.37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/16 17.58.28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dati applicazioni\$_hpcst$.hpc
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info4.ini
[2009/06/16 14.16.49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info10.ini
[2009/06/12 12.40.51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLdu.DAT
[2009/06/12 12.40.51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\Action
[2009/03/20 00.17.14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/03/16 23.50.04 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\dvd.bmk
[2009/03/10 11.02.42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tommaso\Dati applicazioni\$_hpcst$.hpc
[2009/03/08 12.20.53 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2009/03/08 11.47.04 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/03/04 16.38.08 | 000,000,824 | ---- | C] () -- C:\WINDOWS\System32\PCProxy.ini
[2009/03/04 16.29.05 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2009/01/29 00.02.09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/28 18.33.52 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/01/04 18.55.15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2009/01/04 18.55.11 | 000,005,810 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009/01/02 16.04.40 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/31 18.04.42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/12/28 22.39.42 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/28 22.39.41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/28 22.39.40 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/28 22.39.40 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/28 22.39.38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/28 22.39.38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/02 14.14.06 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 17.40.11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Tommaso\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2006/10/16 13.03.28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/16 12.55.32 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/10/16 12.52.52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/16 12.49.56 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/10/16 12.49.38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/10/16 12.48.02 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/10/16 12.30.26 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/10/16 12.30.08 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/16 12.30.08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/16 12.30.08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/16 12.30.06 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/16 12.30.06 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/16 12.30.06 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/16 12.30.06 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/16 12.29.56 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09.56.34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/26 03.05.50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbzlib.dll
[2005/04/26 03.05.50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbaZlib.dll
[2004/09/09 12.11.40 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/10 19.55.38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2002/12/31 22.07.52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\laserjet

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:BEB71B81
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A9662AE0
< End of report >

#15 schrauber

Posted 31 March 2010 - 02:30 PM

How is it running now?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



