Gmer tells me I'm infected by a rootkit


  • This topic is locked
11 replies to this topic

#1 ivantnt

  • Members
  • 24 posts

Posted 01 April 2010 - 05:22 AM

Hi, my computer shows me strange errors and blue screen errors, and after scanning my PC with Gmer it tells me that my PC is infected by a rootkit.

Sometimes, when I use some program or some antispyware like SUPERAntiSpyware etc., Windows shows me a message in the task bar: "...the file is corrupted. The file or directory is corrupted or unreadable. Please run the Chkdsk utility."

For example, I ran a scan with Gmer and it showed me the same message: "Gmer.exe is corrupted. Please........"

I ran a scan with Combofix and the message told me: "Prev.exe is corrupted. File or directory c:\$mft is corrupted or unreadable. Please run the Chkdsk utility."

and so on.... and sometimes some blue screen errors appear.

So now I have run some scans and attached the logs as follows:

1) Scan with Malwarebytes (it didn't find anything)
2) Scan with random system information tool by random/random
3) Scan with Gmer
4) Scan with DDS
5) Scan with Combofix

I will send you the Combofix and Gmer logs when you tell me, because at the moment the forum doesn't allow me to upload any other file.

I hope to hear from you soon.


Edited by ivantnt, 01 April 2010 - 05:39 AM.



#2 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 05 April 2010 - 11:13 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 ivantnt

  • Topic Starter
  • Members
  • 24 posts

Posted 06 April 2010 - 05:57 AM

Hi Shannon2012, and thanks very much for your reply.

I have already added a description of the problem I have in the first post, but if I wasn't clear let me know and I will try to explain it better.

Attached you will find the logs made by Gmer and DDS.

Thanks again and I hope to hear from you soon

Bye
Ivan


#4 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 07 April 2010 - 04:49 AM

Hi ivantnt,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.


Step1

Due to the warning from the developer of ComboFix, this tool should not be run by oneself, unsupervised. Sometimes it will result in an unbootable machine.
If you already have Combofix, please delete that copy and download it again as it's being updated regularly. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  1. Close any open browsers
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
CODE
Driver::
abddqysy
bhnekdsp
caqhcqxd
cpodmqxbv
cytjdahy
dwlaxpwk
emxucd
epvqll
eudtjq
fmswdcn
gkqoqvsjz
guovymt
hlooogft
hlvwq
hopzdsjg
iellu
iolbdb
jpxucy
krxuypg
lrlofh
lubwgfru
mreoly
mxwgbfmf
nkyahhrfc
nubmcniv
nykvegopd
ohaofsatu
ongfgcxh
otsewp
oyuacw
pqzoa
qaomvm
qyvqfsl
rlokp
sendv
sfkjbk
siirfo
sjogutkmp
tggxguvsn
toyda
velvfcjo
vgvcdmin
vjmlmair
vvdngxph
webqavcf
xbcwd
xupefp
ygouhmmkt
ypnntzm
zdieplbfx
zgqxi
zhvhudho
zvpun
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2

Please download GMER Rootkit Scanner from Here or Here.
  1. Extract the contents of the zipped file to desktop.
  2. Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  3. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  4. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  5. Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  6. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Step3

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the Run Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



In your next reply, please post back:

1. Combofix log
2. Gmer log
3. OTListIt.txt and Extra.txt

Tell me if you have any remaining issues on your pc.
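
An added example, not part of the original posts and not GMER's own code: a Python script that reads the text of a saved Gmer.txt, lists each service GMER marked as hidden, and collects the registry values recorded for it, so a flag can be weighed against evidence instead of being acted on directly. The sample log is constructed in the layout GMER 1.0.15 prints; its service and DLL names are placeholders, and the evidence labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of GMER's Services and Registry sections.
# Service names, the driver path and the DLL name are placeholders.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [DISABLED] exsvc1 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [DISABLED] exsvc2 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\exdrv.sys (*** hidden *** ) [MANUAL] exdrv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\exsvc1@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\exsvc1@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\exsvc1\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\exsvc1\Parameters@ServiceDll C:\WINDOWS\system32\example.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\exsvc2@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\exsvc2@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\exsvc2\Parameters@ServiceDll C:\WINDOWS\system32\example.dll
Reg HKLM\SYSTEM\ControlSet002\Services\exsvc1\Parameters (not active ControlSet)
"""

# "Service <image> (*** hidden *** ) [<START>] <name> <-- ROOTKIT !!!"
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+"
    r"\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)\s+<-- ROOTKIT")

# "Reg HKLM\SYSTEM\<ControlSet>\Services\<name>[\Parameters]@<Value> <data>"
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\(?P<svc>[^\\@]+)"
    r"(?:\\Parameters)?@(?P<value>\w+)\s+(?P<data>.+)$")


def parse_gmer(log_text):
    """Return (flagged services, registry values per service name)."""
    flagged = {}
    reg = defaultdict(dict)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            flagged[m["name"].lower()] = {"image": m["image"],
                                          "start": m["start"]}
            continue
        m = REG_RE.match(line)
        if m:
            # Keep the first value seen; GMER lists the current set first.
            reg[m["svc"].lower()].setdefault(m["value"], m["data"].strip())
    return flagged, dict(reg)


def triage(log_text):
    """Attach registry evidence to every service GMER flagged as hidden."""
    flagged, reg = parse_gmer(log_text)

    # Group flagged services by the DLL their Parameters key points at.
    by_dll = defaultdict(list)
    for name in flagged:
        dll = reg.get(name, {}).get("ServiceDll")
        if dll:
            by_dll[dll.lower()].append(name)

    report = {}
    for name, info in flagged.items():
        values = reg.get(name, {})
        dll = values.get("ServiceDll")
        peers = sorted(n for n in by_dll.get(dll.lower(), []) if n != name) if dll else []
        evidence = []
        if "svchost.exe -k" in values.get("ImagePath", "").lower():
            evidence.append("svchost-hosted")
        if peers:
            evidence.append("shared-servicedll")
        if not values:
            # The flag stands alone: nothing in the log backs it up.
            evidence.append("no-registry-data")
        report[name] = {"image": info["image"], "start": info["start"],
                        "service_dll": dll, "peers": peers,
                        "evidence": evidence}
    return report


if __name__ == "__main__":
    for name, row in triage(SAMPLE_LOG).items():
        print(name, row["start"], row["service_dll"], row["evidence"])
```

A flagged entry that ends up with only `no-registry-data` is the kind the caution in Step2 is about: the marker by itself says nothing about what the service loads.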


#5 ivantnt

  • Topic Starter
  • Members
  • 24 posts

Posted 08 April 2010 - 02:51 AM

Hi sundavis, I performed the operation you suggested, and I made new scans, and above you find the logs as you requested.

The problem anyway is that, after I did all you requested, I continue to get error messages from Windows when I use some programs, for example:
- using Gmer I get the error "C:\$Mtf corrupt and unreadable. Use chkdsk",
- using OTL I get the error "c:\windows\system32\drivers\stream.sys corrupt and unreadable. Use chkdsk",
and so on.

Above you will find:
- combofix log
- gmer log
- otl
- extras

Sorry, I am making more than one post because if I put all the logs in this post the system tells me "the post is too long please reduce it"

Thanks again and I hope to hear from you soon.

ComboFix 10-04-06.03 - admin 07/04/2010 12.39.19.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3072.2698 [GMT 2:00]
Eseguito da: c:\documents and settings\admin\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-7C25-9E7C08000A00}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.


((((((((((((((((((((((((( Files Creati Da 2010-03-07 al 2010-04-07 )))))))))))))))))))))))))))))))))))
.

2010-04-01 07:11 . 2010-04-01 07:14 -------- d-----w- C:\rsit
2010-04-01 07:11 . 2010-04-01 07:12 -------- d-----w- c:\programmi\trend micro
2010-04-01 07:03 . 2010-04-01 07:03 -------- d-----w- c:\documents and settings\admin\Dati applicazioni\Malwarebytes
2010-04-01 07:03 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 07:03 . 2010-04-01 07:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-01 07:03 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 07:03 . 2010-04-01 07:03 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-31 09:04 . 2001-08-30 21:08 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-03-31 09:03 . 2001-08-17 19:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2010-03-31 09:02 . 2001-08-17 18:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-03-31 09:01 . 2001-08-30 21:08 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-03-31 09:00 . 2001-08-17 19:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2010-03-31 08:59 . 2001-08-30 21:07 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-03-31 08:58 . 2001-08-30 21:07 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2010-03-31 08:57 . 2004-08-19 06:00 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2010-03-31 08:56 . 2001-08-30 21:07 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-03-31 08:55 . 2001-08-17 20:05 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2010-03-31 08:54 . 2001-08-17 18:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-03-31 08:53 . 2004-08-19 06:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-03-31 08:52 . 2001-08-17 19:28 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2010-03-31 08:51 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2010-03-31 08:50 . 2001-08-17 18:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-03-31 08:49 . 2001-08-30 21:07 48128 ----a-w- c:\windows\system32\dllcache\hpgt33tk.dll
2010-03-31 08:48 . 2001-08-17 18:12 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-03-31 08:47 . 2004-08-19 06:00 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll
2010-03-31 08:46 . 2001-08-30 19:06 14976 ----a-w- c:\windows\system32\dllcache\cyclom-y.sys
2010-03-31 08:45 . 2001-08-30 18:19 13952 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-03-31 08:44 . 2001-08-30 21:07 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2010-03-31 06:46 . 2010-03-31 06:46 -------- d-----w- c:\programmi\ESET
2010-03-30 10:23 . 2010-03-30 10:23 -------- d-----r- c:\documents and settings\NetworkService\Documenti
2010-03-30 10:23 . 2010-03-30 10:23 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2010-03-30 10:23 . 2010-03-30 10:23 -------- d-----w- c:\documents and settings\NetworkService\Menu Avvio
2010-03-30 08:05 . 2010-03-30 08:05 52224 ----a-w- c:\documents and settings\admin\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-30 08:05 . 2010-03-30 08:05 117760 ----a-w- c:\documents and settings\admin\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-30 08:04 . 2010-03-30 08:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-03-30 08:04 . 2010-03-30 08:04 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-03-30 08:04 . 2010-03-30 08:04 -------- d-----w- c:\documents and settings\admin\Dati applicazioni\SUPERAntiSpyware.com
2010-03-30 08:04 . 2010-03-30 08:04 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-03-30 07:55 . 2010-03-30 07:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-29 09:25 . 2010-03-29 09:25 -------- d-----w- C:\_OTL
2010-03-24 14:39 . 2010-03-31 19:39 -------- d-----w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\Temp
2010-03-23 11:35 . 2010-04-07 10:48 -------- d-----w- c:\windows\system32\config\systemprofile\Impostazioni locali
2010-03-23 11:13 . 2010-03-23 11:13 65536 ----a-r- c:\documents and settings\admin\Dati applicazioni\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2010-03-23 11:13 . 2010-03-23 11:13 65536 ----a-r- c:\documents and settings\admin\Dati applicazioni\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2010-03-23 11:13 . 2010-03-23 11:13 65536 ----a-r- c:\documents and settings\admin\Dati applicazioni\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 10:31 . 2004-08-27 09:25 63402 ----a-w- c:\windows\system32\perfc010.dat
2010-04-07 10:31 . 2004-08-27 09:25 425804 ----a-w- c:\windows\system32\perfh010.dat
2010-04-07 09:58 . 2008-02-01 14:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-03-23 11:13 . 2010-02-23 09:24 -------- d-----w- c:\programmi\Sophos
2010-02-23 10:53 . 2010-02-23 10:53 50376 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-02-23 10:53 . 2010-02-23 10:53 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-02-23 10:28 . 2010-02-23 10:28 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-23 08:53 . 2010-02-23 08:53 77312 ----a-w- C:\mbr.exe
2010-02-23 07:46 . 2009-05-12 08:50 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-02-23 07:31 . 2010-02-23 07:31 -------- d-----w- c:\documents and settings\admin\Dati applicazioni\Thunderbird
2010-02-09 07:42 . 2006-11-20 07:17 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-02-09 07:42 . 2006-11-20 07:17 17212 ----atw- c:\windows\system32\SIntf32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 68856]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-29 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-03-17 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-17 7561216]
"Client Access Service"="c:\programmi\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\programmi\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\programmi\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\programmi\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Veloce di WinZip.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2006-6-30 106560]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2003-6-2 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ARCO\\ARCO2000.EXE"=
"c:\\Programmi\\proeWildfire 3.0\\i486_nt\\nms\\nmsd.exe"=
"c:\\Programmi\\proeWildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Programmi\\proeWildfire 3.0\\i486_nt\\obj\\xtop.exe"=
"c:\\Programmi\\Dassault Systemes\\B19\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Programmi\\Dassault Systemes\\B19\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Programmi\\Dassault Systemes\\B19\\intel_a\\code\\bin\\CATELFSlaveProcess.exe"=
"c:\\Programmi\\Dassault Systemes\\B19\\intel_a\\code\\bin\\CATSysDemon.exe"=
"c:\\Programmi\\Dassault Systemes\\B19\\intel_a\\code\\bin\\CATUTIL.exe"=
"c:\\ARCO\\DELPHI\\UPDCATA.EXE"=
"c:\\Programmi\\proeWildfire 3.0\\bin\\proe.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1051:TCP"= 1051:TCP:*:Disabled:ycwirzc
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24/04/2007 17.52.10 16688]
R1 RSKEY;RSKEY;c:\windows\system32\drivers\RSKEY.SYS [15/02/2007 9.04.45 4928]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
S2 gupdate1ca428f21506e5a;Servizio di Google Update (gupdate1ca428f21506e5a);c:\programmi\Google\Update\GoogleUpdate.exe [01/10/2009 14.03.00 133104]
S3 IBM LUM NDL;IBM Nodelock License Server;c:\ifor\WIN\BIN\i4llmd.exe [11/07/2003 13.03.58 24576]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S4 acrwwv;Manager Microsoft;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 3.00.00 14336]
S4 aogclghkt;zafvaaq;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 3.00.00 14336]
S4 aoqjz;Server Monitor;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 3.00.00 14336]
S4 bbczlcol;Image Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 3.00.00 14336]
S4 IBM LUM CR;IBM Central Registry License Server;c:\ifor\WIN\BIN\i4gdb.exe [11/07/2003 13.04.04 24576]
S4 IBM LUM LMD;IBM Network License Server;c:\ifor\WIN\BIN\i4lmd.exe [11/07/2003 13.03.52 24576]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bbczlcol
aogclghkt
acrwwv
aoqjz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##nethservice#admin]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-07 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-01 10:56]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-01 12:02]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-01 12:02]

2010-04-07 c:\windows\Tasks\User_Feed_Synchronization-{A5FC41D6-E6E3-46E6-9BDE-9740941A141F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.hp.com
IE: Aggiungi a PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {958ACA0A-D3E1-4B51-B0AE-13F5DA0AB299} = 192.168.1.4
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Programmi/proeWildfire%203.0/i486_nt/obj/pvx_install.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 12:52
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acrwwv]
"ServiceDll"="c:\windows\system32\oladobmo.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aogclghkt]
"ServiceDll"="c:\windows\system32\oladobmo.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aoqjz]
"ServiceDll"="c:\windows\system32\oladobmo.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bbczlcol]
"ServiceDll"="c:\windows\system32\oladobmo.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1972)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-07 12:59:33 - Il pc stato riavviato
ComboFix-quarantined-files.txt 2010-04-07 10:59
ComboFix2.txt 2010-04-01 09:52

Pre-Run: 4.280.397.824 byte disponibili
Post-Run: 4.156.801.024 byte disponibili

- - End Of File - - FBDEFFEDC07EDB57E507D5390366E498


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-08 08:49:29
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\pxtdypob.sys


---- System - GMER 1.0.15 ----

INT 0x62 ? FC941404
INT 0x63 ? FC95CC1C
INT 0x73 ? FC926DD4
INT 0x82 ? FC94C1E4
INT 0x83 ? FC8A5DD4
INT 0x93 ? FC87F22C
INT 0x94 ? FC86FC3C
INT 0xA3 ? FC870DD4
INT 0xA4 ? FC88EC3C
INT 0xB1 ? FC9779C4
INT 0xB4 ? FC93FDD4

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [DISABLED] acrwwv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [DISABLED] aogclghkt <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [DISABLED] aoqjz <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [DISABLED] bbczlcol <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv@DisplayName Manager Microsoft
Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv@Description Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio ? arrestato, Guida in linea e supporto tecnico non ? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\acrwwv\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt@DisplayName zafvaaq
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt@Description Abilita l'avvio di processi con credenziali alternative. Se il servizio ? stato arrestato, questo tipo di accesso non sar? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aogclghkt\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz@DisplayName Server Monitor
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz@Description Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventer? instabile.
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aoqjz\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol@DisplayName Image Network
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol@Description Enables network access to local devices via iSCSI protocol.
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\bbczlcol\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv@DisplayName Manager Microsoft
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv@Start 4
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv@Description Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio ? arrestato, Guida in linea e supporto tecnico non ? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\acrwwv\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt@DisplayName zafvaaq
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt@Start 4
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt@Description Abilita l'avvio di processi con credenziali alternative. Se il servizio ? stato arrestato, questo tipo di accesso non sar? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\aogclghkt\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz@DisplayName Server Monitor
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz@Start 4
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz@Description Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventer? instabile.
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\aoqjz\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol@DisplayName Image Network
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol@Start 4
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol@Description Enables network access to local devices via iSCSI protocol.
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\bbczlcol\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy@DisplayName Installer Helper
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy@Description Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale.
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\abddqysy\Parameters@ServiceDll C:\Programmi\Internet Explorer\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv@DisplayName Manager Microsoft
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv@Description Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio ? arrestato, Guida in linea e supporto tecnico non ? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\acrwwv\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt@DisplayName zafvaaq
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt@Description Abilita l'avvio di processi con credenziali alternative. Se il servizio ? stato arrestato, questo tipo di accesso non sar? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\aogclghkt\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz@DisplayName Server Monitor
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz@Description Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventer? instabile.
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\aoqjz\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol@DisplayName Image Network
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol@Description Enables network access to local devices via iSCSI protocol.
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\bbczlcol\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp@DisplayName Support Boot
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp@Description Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio ? arrestato, Guida in linea e supporto tecnico non ? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\bhnekdsp\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd@DisplayName uvlineubt
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd@Description Fornisce notifiche di eventi hardware AutoPlay.
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\caqhcqxd\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv@DisplayName Windows Support
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv@Description Rileva e controlla le nuove unit? disco rigido e invia informazioni sul volume del disco al Servizio amministrativo di Gestione disco logico per la configurazione. Se il servizio ? stato arrestato, lo stato del disco dinamico e le informazioni di configurazione potrebbero non essere aggiornate. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\cpodmqxbv\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy@DisplayName System Monitor
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy@Description Registra eventi di sistema come accessi a Windows, eventi di rete e alimentazione. Notifica questi eventi ai sottoscrittori COM+ Event System.
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\cytjdahy\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk@DisplayName Boot Installer
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk@Description Carica i file in memoria per stampare in un secondo momento.
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\dwlaxpwk\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd@DisplayName Shell Server
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd@Description Abilita l'avvio di processi con credenziali alternative. Se il servizio ? stato arrestato, questo tipo di accesso non sar? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\emxucd\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll@DisplayName Center Manager
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll@Description Carica i file in memoria per stampare in un secondo momento.
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\epvqll\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq@DisplayName Microsoft Center
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq@Description Gestisce periferiche audio per programmi basati su Windows. Se il servizio ? stato arrestato, le periferiche audio e gli effetti non funzioneranno correttamente. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\eudtjq\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn@DisplayName Monitor Boot
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn@Description Carica i file in memoria per stampare in un secondo momento.
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\fmswdcn\Parameters@ServiceDll C:\Programmi\Internet Explorer\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz@DisplayName Network Microsoft
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz@Description Risolve e salva nella cache nomi DNS per il computer. Se il servizio ? stato arrestato, il computer non sar? in grado di risolvere i nomi DNS e di individuare i controller di dominio Active Directory. Se il servizio ? stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gkqoqvsjz\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt@DisplayName System Manager
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt@Description Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio ? arrestato, Guida in linea e supporto tecnico non ? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\guovymt\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft@DisplayName Shell Boot
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft@Description Fornisce tre servizi di gestione: il servizio Database catalogo, che serve per confermare le firme dei file di Windows; il servizio Archivio principale protetto, per aggiungere e rimuovere dal computer i certificati dell'autorit? di certificazione delle fonti attendibili; e il servizio Chiave, che aiuta a registrare i certificati nel computer. Se questo servizio ? interrotto, i servizi di gestione non funzioneranno in modo corretto. Se il servizio ? disabilitato, tutti i servizi che dipendono direttamente da questo non potranno essere avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hlooogft\Parameters@ServiceDll C:\Programmi\Movie Maker\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq@DisplayName Shell Image
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq@Description Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventer? instabile.
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hlvwq\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg@DisplayName uzijko
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg@Description Abilita l'avvio di processi con credenziali alternative. Se il servizio ? stato arrestato, questo tipo di accesso non sar? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hopzdsjg\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\iellu@DisplayName Monitor Security
Reg HKLM\SYSTEM\ControlSet003\Services\iellu@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\iellu@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\iellu@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\iellu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\iellu@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\iellu@Description Carica i file in memoria per stampare in un secondo momento.
Reg HKLM\SYSTEM\ControlSet003\Services\iellu\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\iellu\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb@DisplayName Microsoft Support
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb@Description Archivia le informazioni di protezione per gli account utenti locali.
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\iolbdb\Parameters@ServiceDll C:\Programmi\Movie Maker\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy@DisplayName Shell Network
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy@Description Gestisce periferiche audio per programmi basati su Windows. Se il servizio ? stato arrestato, le periferiche audio e gli effetti non funzioneranno correttamente. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\jpxucy\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg@DisplayName Time Update
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg@Description Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio ? arrestato, Guida in linea e supporto tecnico non ? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\krxuypg\Parameters@ServiceDll C:\Programmi\Internet Explorer\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh@DisplayName Monitor Time
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh@Description Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio ? arrestato, Guida in linea e supporto tecnico non ? disponibile. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\lrlofh\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru@DisplayName Manager Support
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru@Description Abilita i messaggi del registro eventi rilasciati dai programmi di Windows e rende possibile la visualizzazione dei componenti in Visualizzatore eventi. Impossibile interrompere questo servizio.
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\lubwgfru\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly@DisplayName Center Image
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly@Description Enables network access to local devices via iSCSI protocol.
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\mreoly\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf@DisplayName zquesra
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf@Description Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventer? instabile.
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\mxwgbfmf\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc@DisplayName Center Windows
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc@Description Abilita i messaggi del registro eventi rilasciati dai programmi di Windows e rende possibile la visualizzazione dei componenti in Visualizzatore eventi. Impossibile interrompere questo servizio.
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\nkyahhrfc\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv@DisplayName Support Helper
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv@Description Gestisce periferiche audio per programmi basati su Windows. Se il servizio ? stato arrestato, le periferiche audio e gli effetti non funzioneranno correttamente. Se il servizio ? disabilitato, i servizi da esso dipendenti non verranno avviati.
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\nubmcniv\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd@DisplayName Time Support
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd@Description Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventer? instabile.
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\nykvegopd\Parameters@ServiceDll C:\WINDOWS\system32\oladobmo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\ohaofsatu@DisplayName Boot Security
Reg HKLM\SYSTEM\ControlSet003\Services\ohaofsatu@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\ohaofsatu@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\ohaofsatu@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\ohaofsatu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\ohaofsatu@ObjectName LocalSystem

---- Files - GMER 1.0.15 ----

File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-10.08-04-33.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-13.08-12-16.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-13.11-15-40.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-13.16-10-19.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-14.08-09-29.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-15.08-08-04.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-16.08-08-55.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-17.08-06-09.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-21.08-11-29.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-22.08-09-13.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-23.08-08-13.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-24.08-07-25.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-27.08-08-56.log 2212 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-28.08-07-33.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-29.08-08-33.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-30.08-10-37.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-07-31.08-10-31.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-08-24.08-04-46.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-08-25.08-06-51.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-01.10-15-42.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-02.08-08-06.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-04.07-59-35.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-07.08-03-05.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-08.08-03-40.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-09.08-03-06.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-10.08-02-44.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-14.08-03-41.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-15.08-05-09.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-16.08-07-22.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-17.08-07-00.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-17.14-59-53.log 2212 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-18.08-03-07.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-21.08-06-56.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-22.08-05-27.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-23.08-01-45.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-28.08-07-03.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-30.08-12-32.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-09-30.15-24-56.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-01.08-10-52.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-05.08-05-57.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-06.08-10-28.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-06.09-51-20.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-07.08-11-37.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-08.12-47-15.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-09.08-09-59.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-12.08-10-10.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-13.08-12-55.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-15.08-10-12.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-16.08-08-55.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-10-16.10-01-56.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-06.15-57-00.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-17.08-25-58.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-18.08-10-14.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-19.08-12-18.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-23.08-08-18.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-26.08-07-27.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-27.08-08-26.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-30.08-09-52.log 2213 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-30.11-25-40.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-30.11-53-45.log 2068 bytes
File C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2009-11-30.15-19-13.log 2432 bytes

---- EOF - GMER 1.0.15 ----

#6 ivantnt

Posted 08 April 2010 - 02:52 AM

OTL logfile created on: 08/04/2010 9.31.14 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 29,29 Gb Total Space | 3,90 Gb Free Space | 13,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 39,07 Gb Total Space | 6,10 Gb Free Space | 15,61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 391,70 Gb Total Space | 221,92 Gb Free Space | 56,66% Space Free | Partition Type: NTFS

Computer Name: FERRI
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 09.30.33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2010/03/29 08.29.04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/07/21 14.34.38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/27 00.31.29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/13 16.48.26 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/11 11.11.53 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2009/03/02 13.08.52 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/01 16.27.01 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/01/20 11.20.00 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe
PRC - [2002/09/20 16.50.10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/11/27 08.10.00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Programmi\WinZip\WZQKPICK.EXE
PRC - [2001/02/23 10.07.30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 09.30.33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/07/21 14.34.38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/02 10.10.08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/05/26 13.15.25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/13 16.48.26 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2009/05/11 11.11.53 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2009/03/03 15.53.08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programmi\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2006/01/20 11.20.00 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/04 00.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/11 13.04.04 | 000,024,576 | ---- | M] (IBM) [Disabled | Stopped] -- C:\IFOR\WIN\BIN\i4gdb.exe -- (IBM LUM CR)
SRV - [2003/07/11 13.03.58 | 000,024,576 | ---- | M] (IBM) [On_Demand | Stopped] -- C:\IFOR\WIN\BIN\i4llmd.exe -- (IBM LUM NDL)
SRV - [2003/07/11 13.03.52 | 000,024,576 | ---- | M] (IBM) [Disabled | Stopped] -- C:\IFOR\WIN\BIN\i4lmd.exe -- (IBM LUM LMD)
SRV - [2002/09/20 16.50.10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/02/04 05.20.00 | 000,053,296 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)
SRV - [2001/02/23 10.07.30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 11.25.50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11.15.58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11.15.58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Programmi\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/15 09.19.58 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/23 01.08.32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/11 11.11.54 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2009/05/11 10.12.28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10.33.11 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/17 19.11.30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 12.35.09 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/09 08.37.56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08.37.48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08.37.46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08.37.46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/24 17.52.10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2006/03/17 16.16.00 | 003,655,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/10/19 12.07.08 | 000,478,208 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004/08/03 18.29.50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18.29.48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18.29.46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18.29.46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18.29.46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18.29.44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18.29.44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18.29.42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18.29.42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18.29.40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18.29.40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18.29.38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18.29.38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18.29.38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18.29.38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/08/14 11.41.14 | 000,030,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2002/05/08 19.44.42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2001/08/17 16.20.04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Servizio installazione driver audio Intel® 82801 (WDM)
DRV - [2001/08/17 16.07.42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16.07.40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16.07.36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16.07.34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2000/03/07 20.37.56 | 000,004,928 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RSKEY.SYS -- (RSKEY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programmi\Real\RealPlayer\browserrecord [2008/10/31 15.41.19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programmi\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/30 15.12.41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2010/02/23 09.11.26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins


O1 HOSTS File: ([2010/04/07 12.52.21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Client Access Check Version] C:\Programmi\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Programmi\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Programmi\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Programmi\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio Veloce di WinZip.lnk = C:\Programmi\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2815451968-1294468732-3807718366-1202\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti selezione in Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti selezione in file PDF esistente - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Programmi/proeWildfire%203.0/i486_nt/obj/pvx_install.exe (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04.40.26 | 000,095,034 | R--- | M] () - Z:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\##nethservice#admin\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 09.30.32 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/04/07 12.59.42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/07 12.38.01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/07 12.38.01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/07 12.38.01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/07 12.38.01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/07 12.37.31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/07 12.35.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\new
[2010/04/01 09.11.57 | 000,000,000 | ---D | C] -- C:\Programmi\trend micro
[2010/04/01 09.11.57 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/01 09.09.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\bleeping
[2010/04/01 09.03.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dati applicazioni\Malwarebytes
[2010/04/01 09.03.25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/01 09.03.23 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/01 09.03.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/04/01 09.03.22 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/03/31 11.05.54 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/03/31 11.05.51 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/03/31 11.05.44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2010/03/31 11.05.41 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/03/31 11.05.37 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/03/31 11.05.35 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/03/31 11.05.34 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/03/31 11.05.17 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/03/31 11.05.14 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/03/31 11.05.07 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/03/31 11.05.02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2010/03/31 11.04.59 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010/03/31 11.04.58 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/03/31 11.04.58 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/03/31 11.04.54 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2010/03/31 11.04.53 | 000,032,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2010/03/31 11.04.50 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/03/31 11.04.48 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/03/31 11.04.43 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/03/31 11.04.41 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/03/31 11.04.38 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/03/31 11.04.37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/03/31 11.04.37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/03/31 11.04.37 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/03/31 11.04.36 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/03/31 11.04.34 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/03/31 11.04.30 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/03/31 11.04.27 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/03/31 11.04.24 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/03/31 11.04.21 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2010/03/31 11.04.19 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/03/31 11.04.16 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2010/03/31 11.04.13 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/03/31 11.04.10 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2010/03/31 11.04.07 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2010/03/31 11.04.04 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2010/03/31 11.04.01 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/03/31 11.03.58 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/03/31 11.03.55 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/03/31 11.03.54 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/03/31 11.03.53 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2010/03/31 11.03.52 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/03/31 11.03.51 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/03/31 11.03.50 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/03/31 11.03.46 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2010/03/31 11.03.43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2010/03/31 11.03.40 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2010/03/31 11.03.37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2010/03/31 11.03.35 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/03/31 11.03.32 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2010/03/31 11.03.29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2010/03/31 11.03.26 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2010/03/31 11.03.23 | 000,212,480 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/03/31 11.03.20 | 000,216,576 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/03/31 11.03.18 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2010/03/31 11.03.14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/03/31 11.03.14 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2010/03/31 11.03.10 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/03/31 11.03.07 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/03/31 11.03.04 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/03/31 11.03.02 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/03/31 11.02.59 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/03/31 11.02.56 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/03/31 11.02.53 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2010/03/31 11.02.50 | 000,043,008 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2010/03/31 11.02.49 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2010/03/31 11.02.46 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2010/03/31 11.02.41 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2010/03/31 11.02.38 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2010/03/31 11.02.36 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2010/03/31 11.02.33 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2010/03/31 11.02.29 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/03/31 11.02.28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/03/31 11.02.25 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/03/31 11.02.22 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/03/31 11.02.21 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/03/31 11.02.21 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/03/31 11.02.18 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/03/31 11.02.15 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/03/31 11.02.15 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/03/31 11.02.15 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/03/31 11.02.12 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2010/03/31 11.02.08 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2010/03/31 11.02.05 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/03/31 11.02.03 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/03/31 11.01.58 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2010/03/31 11.01.55 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2010/03/31 11.01.53 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2010/03/31 11.01.50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2010/03/31 11.01.48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2010/03/31 11.01.45 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2010/03/31 11.01.42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2010/03/31 11.01.41 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/03/31 11.01.40 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2010/03/31 11.01.37 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/03/31 11.01.35 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/03/31 11.01.32 | 000,286,816 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/03/31 11.01.29 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/03/31 11.01.29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/03/31 11.01.26 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/03/31 11.01.23 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2010/03/31 11.01.22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/03/31 11.01.19 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2010/03/31 11.01.15 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2010/03/31 11.01.12 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2010/03/31 11.01.09 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/03/31 11.01.05 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2010/03/31 11.01.03 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2010/03/31 11.01.00 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2010/03/31 11.00.58 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2010/03/31 11.00.57 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2010/03/31 11.00.56 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/03/31 11.00.54 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2010/03/31 11.00.53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/03/31 11.00.50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/03/31 11.00.48 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/03/31 11.00.47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/03/31 11.00.47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/03/31 11.00.45 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/03/31 11.00.42 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/03/31 11.00.39 | 000,036,937 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/03/31 11.00.36 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/03/31 11.00.34 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2010/03/31 11.00.33 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2010/03/31 11.00.32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/03/31 11.00.32 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2010/03/31 11.00.29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2010/03/31 11.00.27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2010/03/31 11.00.27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/03/31 11.00.24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/03/31 11.00.24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2010/03/31 11.00.24 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/03/31 11.00.23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/03/31 11.00.21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2010/03/31 11.00.21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/03/31 11.00.20 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/03/31 11.00.20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/03/31 11.00.20 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/03/31 11.00.20 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/03/31 11.00.20 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/03/31 11.00.19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/03/31 11.00.19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/03/31 11.00.18 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/03/31 11.00.17 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/03/31 11.00.15 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/03/31 11.00.12 | 000,095,050 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/03/31 11.00.10 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2010/03/31 11.00.07 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2010/03/31 11.00.06 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/03/31 11.00.04 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2010/03/31 11.00.01 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2010/03/31 10.59.59 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2010/03/31 10.59.56 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2010/03/31 10.59.53 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2010/03/31 10.59.51 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2010/03/31 10.59.50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/03/31 10.59.39 | 000,161,792 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/03/31 10.59.36 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/03/31 10.59.33 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/03/31 10.59.31 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/03/31 10.59.28 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2010/03/31 10.59.24 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/03/31 10.59.21 | 000,018,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2010/03/31 10.59.17 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2010/03/31 10.59.16 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2010/03/31 10.59.13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/03/31 10.59.13 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2010/03/31 10.59.10 | 000,017,536 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/03/31 10.59.08 | 000,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2010/03/31 10.59.05 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/03/31 10.59.02 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/03/31 10.59.00 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2010/03/31 10.58.58 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2010/03/31 10.58.54 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2010/03/31 10.58.52 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2010/03/31 10.58.50 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/03/31 10.58.47 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/03/31 10.58.45 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/03/31 10.58.42 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/03/31 10.58.40 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/03/31 10.58.37 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/03/31 10.58.35 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/03/31 10.58.32 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/03/31 10.58.30 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/03/31 10.58.27 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2010/03/31 10.58.25 | 000,083,456 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/03/31 10.58.22 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/03/31 10.58.22 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/03/31 10.58.22 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/03/31 10.58.21 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/03/31 10.58.20 | 000,028,160 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/03/31 10.58.18 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/03/31 10.58.16 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010/03/31 10.58.14 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2010/03/31 10.58.11 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/03/31 10.58.08 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2010/03/31 10.58.06 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/03/31 10.58.03 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/03/31 10.58.00 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/03/31 10.57.59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/03/31 10.57.59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/03/31 10.57.55 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2010/03/31 10.57.52 | 000,715,338 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/03/31 10.57.50 | 000,899,754 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/03/31 10.57.47 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2010/03/31 10.57.45 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2010/03/31 10.57.44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/03/31 10.57.44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/03/31 10.57.40 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2010/03/31 10.57.37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2010/03/31 10.57.35 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2010/03/31 10.57.33 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2010/03/31 10.57.30 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2010/03/31 10.57.29 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2010/03/31 10.57.26 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/03/31 10.57.24 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/03/31 10.57.21 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2010/03/31 10.57.21 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/03/31 10.57.18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2010/03/31 10.57.15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2010/03/31 10.57.11 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/03/31 10.57.09 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2010/03/31 10.57.07 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2010/03/31 10.57.06 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2010/03/31 10.57.03 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/03/31 10.57.03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/03/31 10.57.03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2010/03/31 10.57.02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/03/31 10.56.59 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2010/03/31 10.56.56 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2010/03/31 10.56.54 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2010/03/31 10.56.51 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2010/03/31 10.56.49 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2010/03/31 10.56.47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2010/03/31 10.56.44 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2010/03/31 10.56.44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/03/31 10.56.43 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2010/03/31 10.56.42 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2010/03/31 10.56.42 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2010/03/31 10.56.41 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2010/03/31 10.56.38 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2010/03/31 10.56.36 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2010/03/31 10.56.35 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010/03/31 10.56.32 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/03/31 10.56.30 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2010/03/31 10.56.28 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2010/03/31 10.56.25 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2010/03/31 10.56.23 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/03/31 10.56.22 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/03/31 10.56.19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/03/31 10.56.19 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/03/31 10.56.18 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/03/31 10.56.18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/03/31 10.56.15 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2010/03/31 10.56.13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2010/03/31 10.56.11 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2010/03/31 10.56.08 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2010/03/31 10.56.06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2010/03/31 10.56.03 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2010/03/31 10.56.01 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2010/03/31 10.55.59 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2010/03/31 10.55.56 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2010/03/31 10.55.54 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2010/03/31 10.55.52 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2010/03/31 10.55.49 | 000,054,826 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/03/31 10.55.43 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/03/31 10.55.40 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/03/31 10.55.30 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2010/03/31 10.55.28 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2010/03/31 10.55.22 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/03/31 10.55.19 | 000,009,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2010/03/31 10.55.16 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2010/03/31 10.55.15 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2010/03/31 10.55.12 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/03/31 10.55.10 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/03/31 10.55.05 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010/03/31 10.55.04 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/03/31 10.55.04 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/03/31 10.55.01 | 000,066,174 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2010/03/31 10.54.58 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/03/31 10.54.56 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/03/31 10.54.54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2010/03/31 10.54.53 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/03/31 10.54.52 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/03/31 10.54.50 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/03/31 10.54.48 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/03/31 10.54.45 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/03/31 10.54.43 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/03/31 10.54.41 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/03/31 10.54.38 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/03/31 10.54.36 | 000,130,048 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2010/03/31 10.54.34 | 000,053,279 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2010/03/31 10.54.31 | 000,076,544 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/03/31 10.54.29 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/03/31 10.54.27 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/03/31 10.54.25 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/03/31 10.54.22 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/03/31 10.54.22 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/03/31 10.54.20 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010/03/31 10.54.13 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2010/03/31 10.54.13 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/03/31 10.54.06 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2010/03/31 10.54.01 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2010/03/31 10.54.00 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2010/03/31 10.53.59 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/03/31 10.53.59 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/03/31 10.53.50 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2010/03/31 10.53.48 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2010/03/31 10.53.47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010/03/31 10.53.41 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/03/31 10.53.39 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/03/31 10.53.34 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2010/03/31 10.53.31 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2010/03/31 10.53.29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2010/03/31 10.53.26 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2010/03/31 10.53.24 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2010/03/31 10.53.24 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/03/31 10.53.24 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/03/31 10.53.23 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2010/03/31 10.53.21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2010/03/31 10.53.18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/03/31 10.53.18 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2010/03/31 10.53.16 | 000,165,034 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/03/31 10.53.12 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2010/03/31 10.53.09 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2010/03/31 10.53.07 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2010/03/31 10.53.05 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2010/03/31 10.53.01 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2010/03/31 10.53.01 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2010/03/31 10.52.59 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/03/31 10.52.57 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/03/31 10.52.56 | 000,422,272 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/03/31 10.52.56 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2010/03/31 10.52.54 | 000,577,322 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/03/31 10.52.53 | 000,607,292 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/03/31 10.52.51 | 000,728,394 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/03/31 10.52.48 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/03/31 10.52.48 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2010/03/31 10.52.45 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/03/31 10.52.43 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/03/31 10.52.41 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/03/31 10.52.38 | 000,015,872 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/03/31 10.52.37 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/03/31 10.52.35 | 000,026,986 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/03/31 10.52.33 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/03/31 10.52.33 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/03/31 10.52.32 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/03/31 10.52.32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/03/31 10.52.29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/03/31 10.52.29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2010/03/31 10.52.27 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2010/03/31 10.52.27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2010/03/31 10.52.27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/03/31 10.52.26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/03/31 10.52.26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/03/31 10.52.26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/03/31 10.52.25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/03/31 10.52.25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/03/31 10.52.25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/03/31 10.52.25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/03/31 10.52.25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/03/31 10.52.24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/03/31 10.52.24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/03/31 10.52.23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/03/31 10.52.21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/03/31 10.52.19 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/03/31 10.52.19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/03/31 10.52.18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/03/31 10.52.18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/03/31 10.52.18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/03/31 10.52.18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/03/31 10.52.17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/03/31 10.52.17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/03/31 10.52.17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/03/31 10.52.16 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/03/31 10.52.16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/03/31 10.52.15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/03/31 10.52.15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/03/31 10.52.14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/03/31 10.52.14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/03/31 10.52.13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/03/31 10.52.13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/03/31 10.52.13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/03/31 10.52.13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/03/31 10.52.12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010/03/31 10.52.12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/03/31 10.52.10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010/03/31 10.52.08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/03/31 10.52.06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/03/31 10.52.05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/03/31 10.52.05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/03/31 10.52.04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/03/31 10.52.03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/03/31 10.52.01 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2010/03/31 10.51.59 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2010/03/31 10.51.58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/03/31 10.51.56 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/03/31 10.51.55 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/03/31 10.51.55 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2010/03/31 10.51.54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/03/31 10.51.51 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010/03/31 10.51.49 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2010/03/31 10.51.47 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2010/03/31 10.51.45 | 000,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2010/03/31 10.51.43 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2010/03/31 10.51.43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/03/31 10.51.40 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/03/31 10.51.39 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/03/31 10.51.38 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/03/31 10.51.37 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/03/31 10.51.35 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/03/31 10.51.35 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/03/31 10.51.35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/03/31 10.51.34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/03/31 10.51.33 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/03/31 10.51.33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/03/31 10.51.33 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/03/31 10.51.26 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/03/31 10.51.24 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2010/03/31 10.51.22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2010/03/31 10.51.20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2010/03/31 10.51.19 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2010/03/31 10.51.17 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2010/03/31 10.51.15 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2010/03/31 10.51.13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2010/03/31 10.51.11 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2010/03/31 10.51.09 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2010/03/31 10.51.07 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2010/03/31 10.51.05 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2010/03/31 10.51.03 | 000,010,752 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2010/03/31 10.51.01 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2010/03/31 10.50.58 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2010/03/31 10.50.56 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2010/03/31 10.50.56 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2010/03/31 10.50.55 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/03/31 10.50.52 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/03/31 10.50.50 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/03/31 10.50.46 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2010/03/31 10.50.44 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2010/03/31 10.50.43 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2010/03/31 10.50.41 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2010/03/31 10.50.39 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2010/03/31 10.50.37 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2010/03/31 10.50.35 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2010/03/31 10.50.33 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2010/03/31 10.50.31 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2010/03/31 10.50.29 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2010/03/31 10.50.27 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2010/03/31 10.50.25 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2010/03/31 10.50.23 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2010/03/31 10.50.21 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2010/03/31 10.50.19 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2010/03/31 10.50.17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2010/03/31 10.50.16 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2010/03/31 10.50.14 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2010/03/31 10.50.12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2010/03/31 10.50.10 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/03/31 10.50.06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2010/03/31 10.50.03 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/03/31 10.49.59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2010/03/31 10.49.56 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2010/03/31 10.49.52 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2010/03/31 10.49.50 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2010/03/31 10.49.49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/03/31 10.49.48 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2010/03/31 10.49.45 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010/03/31 10.49.42 | 000,908,224 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2010/03/31 10.49.42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/03/31 10.49.41 | 000,028,416 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/03/31 10.49.40 | 000,082,688 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/03/31 10.49.38 | 000,017,536 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/03/31 10.49.36 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2010/03/31 10.49.36 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2010/03/31 10.49.34 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2010/03/31 10.49.33 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2010/03/31 10.49.31 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2010/03/31 10.49.29 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2010/03/31 10.49.28 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/03/31 10.49.26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/03/31 10.49.26 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/03/31 10.49.24 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/03/31 10.49.23 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/03/31 10.49.22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2010/03/31 10.49.20 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/03/31 10.49.18 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/03/31 10.49.18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/03/31 10.49.17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/03/31 10.49.15 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/03/31 10.49.14 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/03/31 10.49.12 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/03/31 10.49.11 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/03/31 10.49.09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2010/03/31 10.49.09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/03/31 10.49.07 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2010/03/31 10.49.02 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2010/03/31 10.49.00 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/03/31 10.48.59 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2010/03/31 10.48.57 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/03/31 10.48.55 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/03/31 10.48.53 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2010/03/31 10.48.52 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2010/03/31 10.48.51 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/03/31 10.48.51 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/03/31 10.48.49 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2010/03/31 10.48.48 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2010/03/31 10.48.47 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/03/31 10.48.46 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2010/03/31 10.48.46 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/03/31 10.48.44 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2010/03/31 10.48.44 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2010/03/31 10.48.42 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2010/03/31 10.48.41 | 000,348,062 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2010/03/31 10.48.39 | 000,594,750 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2010/03/31 10.48.38 | 000,596,159 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2010/03/31 10.48.36 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2010/03/31 10.48.35 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/03/31 10.48.33 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2010/03/31 10.48.32 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2010/03/31 10.48.30 | 000,062,464 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2010/03/31 10.48.29 | 000,051,712 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2010/03/31 10.48.27 | 000,053,760 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2010/03/31 10.48.26 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2010/03/31 10.48.24 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2010/03/31 10.48.23 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2010/03/31 10.48.22 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2010/03/31 10.48.21 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2010/03/31 10.48.17 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2010/03/31 10.48.16 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2010/03/31 10.48.15 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2010/03/31 10.48.13 | 000,176,128 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2010/03/31 10.48.12 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2010/03/31 10.48.11 | 000,455,711 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2010/03/31 10.48.10 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2010/03/31 10.48.08 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2010/03/31 10.48.07 | 000,241,270 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2010/03/31 10.48.06 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2010/03/31 10.48.05 | 000,634,166 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2010/03/31 10.48.04 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2010/03/31 10.48.03 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2010/03/31 10.48.02 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2010/03/31 10.48.01 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2010/03/31 10.48.00 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2010/03/31 10.47.59 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010/03/31 10.47.59 | 000,044,615 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2010/03/31 10.47.58 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2010/03/31 10.47.56 | 000,051,743 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2010/03/31 10.47.54 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/03/31 10.47.53 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/03/31 10.47.50 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/03/31 10.47.49 | 000,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2010/03/31 10.47.48 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2010/03/31 10.47.47 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2010/03/31 10.47.47 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2010/03/31 10.47.44 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/03/31 10.47.44 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2010/03/31 10.47.43 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/03/31 10.47.42 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/03/31 10.47.38 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/03/31 10.47.38 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/03/31 10.47.36 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/03/31 10.47.35 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/03/31 10.47.34 | 000,622,621 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2010/03/31 10.47.33 | 000,042,624 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2010/03/31 10.47.32 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2010/03/31 10.47.31 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2010/03/31 10.47.30 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2010/03/31 10.47.29 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2010/03/31 10.47.28 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2010/03/31 10.47.27 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2010/03/31 10.47.26 | 000,103,460 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2010/03/31 10.47.26 | 000,090,685 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2010/03/31 10.47.25 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2010/03/31 10.47.24 | 000,037,959 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2010/03/31 10.47.23 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2010/03/31 10.47.21 | 000,421,917 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2010/03/31 10.47.21 | 000,029,787 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2010/03/31 10.47.19 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/03/31 10.47.19 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/03/31 10.47.18 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2010/03/31 10.47.17 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2010/03/31 10.47.16 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/03/31 10.47.15 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2010/03/31 10.47.14 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2010/03/31 10.47.13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2010/03/31 10.47.12 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2010/03/31 10.47.11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2010/03/31 10.47.10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2010/03/31 10.47.09 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2010/03/31 10.47.07 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2010/03/31 10.47.06 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2010/03/31 10.47.05 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2010/03/31 10.47.04 | 000,050,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2010/03/31 10.47.03 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2010/03/31 10.47.02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2010/03/31 10.47.01 | 000,050,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2010/03/31 10.47.00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2010/03/31 10.46.59 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2010/03/31 10.46.58 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/03/31 10.46.58 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2010/03/31 10.46.57 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/03/31 10.46.56 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/03/31 10.46.55 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/03/31 10.46.54 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/03/31 10.46.54 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/03/31 10.46.53 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/03/31 10.46.52 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2010/03/31 10.46.51 | 000,251,392 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/03/31 10.46.50 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2010/03/31 10.46.50 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2010/03/31 10.46.49 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2010/03/31 10.46.47 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2010/03/31 10.46.46 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/03/31 10.46.46 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2010/03/31 10.46.45 | 000,061,322 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/03/31 10.46.45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/03/31 10.46.44 | 000,022,045 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2010/03/31 10.46.43 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2010/03/31 10.46.42 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/03/31 10.46.42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/03/31 10.46.42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/03/31 10.46.40 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2010/03/31 10.46.39 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2010/03/31 10.46.38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2010/03/31 10.46.36 | 000,020,992 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/03/31 10.46.36 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2010/03/31 10.46.35 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2010/03/31 10.46.35 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2010/03/31 10.46.34 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2010/03/31 10.46.34 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2010/03/31 10.46.33 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2010/03/31 10.46.32 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2010/03/31 10.46.30 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/03/31 10.46.30 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2010/03/31 10.46.29 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/03/31 10.46.28 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/03/31 10.46.28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/03/31 10.46.28 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/03/31 10.46.27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/03/31 10.46.27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/03/31 10.46.27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/03/31 10.46.25 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/03/31 10.46.25 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/03/31 10.46.24 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/03/31 10.46.24 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/03/31 10.46.23 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/03/31 10.46.22 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/03/31 10.46.22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2010/03/31 10.46.21 | 000,715,338 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/03/31 10.46.21 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/03/31 10.46.20 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/03/31 10.46.20 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/03/31 10.46.19 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/03/31 10.46.18 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/03/31 10.46.17 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2010/03/31 10.46.17 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/03/31 10.46.16 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2010/03/31 10.46.16 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2010/03/31 10.46.15 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2010/03/31 10.46.15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2010/03/31 10.46.14 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2010/03/31 10.46.14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2010/03/31 10.46.13 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2010/03/31 10.46.13 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2010/03/31 10.46.12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/03/31 10.46.12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/03/31 10.45.54 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2010/03/31 10.45.53 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/03/31 10.45.52 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/03/31 10.45.51 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/03/31 10.45.51 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/03/31 10.45.51 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/03/31 10.45.50 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/03/31 10.45.49 | 000,039,680 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/03/31 10.45.49 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/03/31 10.45.48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/03/31 10.45.47 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/03/31 10.45.47 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/03/31 10.45.46 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2010/03/31 10.45.46 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/03/31 10.45.45 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/03/31 10.45.45 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/03/31 10.45.45 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/03/31 10.45.44 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/03/31 10.45.44 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/03/31 10.45.43 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/03/31 10.45.43 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/03/31 10.45.41 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2010/03/31 10.45.40 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/03/31 10.45.40 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/03/31 10.45.40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/03/31 10.45.39 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2010/03/31 10.45.39 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2010/03/31 10.45.38 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2010/03/31 10.45.38 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/03/31 10.45.37 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/03/31 10.45.37 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/03/31 10.45.36 | 000,097,152 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2010/03/31 10.45.36 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/03/31 10.45.35 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/03/31 10.45.35 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/03/31 10.45.34 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/03/31 10.45.34 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/03/31 10.45.32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/03/31 10.45.32 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2010/03/31 10.45.32 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/03/31 10.45.31 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/03/31 10.45.24 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2010/03/31 10.45.24 | 000,070,784 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2010/03/31 10.45.23 | 000,281,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2010/03/31 10.45.22 | 000,289,920 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2010/03/31 10.45.22 | 000,075,392 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2010/03/31 10.45.22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2010/03/31 10.45.21 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2010/03/31 10.45.21 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2010/03/31 10.45.20 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2010/03/31 10.45.19 | 000,077,824 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/03/31 10.45.18 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2010/03/31 10.45.18 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/03/31 10.45.18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/03/31 10.45.17 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/03/31 10.45.16 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2010/03/31 10.45.16 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2010/03/31 10.45.16 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2010/03/31 10.45.14 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2010/03/31 10.45.14 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2010/03/31 10.45.13 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/03/31 10.45.13 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2010/03/31 10.45.12 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2010/03/31 10.45.12 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2010/03/31 10.45.12 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2010/03/31 10.45.11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2010/03/31 10.45.08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010/03/31 10.45.06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/03/31 10.45.05 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/03/31 10.45.05 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/03/31 10.45.05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/03/31 10.45.04 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/03/31 10.45.04 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/03/31 10.45.03 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/03/31 10.45.03 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/03/31 10.45.03 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010/03/31 10.45.02 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010/03/31 10.45.02 | 000,061,952 | ---- | C] (Scanner piano a colori) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/03/31 10.45.01 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/03/31 10.45.01 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010/03/31 10.45.00 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/03/31 10.45.00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010/03/31 10.44.59 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010/03/31 10.44.58 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/03/31 10.44.58 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/03/31 10.44.58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/03/31 10.44.58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/03/31 10.44.57 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/03/31 10.44.57 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010/03/31 10.44.37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/03/31 10.44.24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/03/31 10.44.11 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/03/31 10.44.11 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/03/31 10.44.11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/03/31 10.44.10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/03/31 10.44.10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/03/31 10.44.09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/03/31 10.44.04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/03/31 08.46.24 | 000,000,000 | ---D | C] -- C:\Programmi\ESET
[2010/03/30 12.28.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
[2010/03/30 12.28.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
[2010/03/30 12.28.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
[2010/03/30 12.23.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/30 12.23.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Identities
[2010/03/30 11.21.27 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\TFC.exe
[2010/03/30 10.04.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
[2010/03/30 10.04.38 | 000,000,000 | ---D | C] -- C:\Programmi\SUPERAntiSpyware
[2010/03/30 10.04.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dati applicazioni\SUPERAntiSpyware.com
[2010/03/30 10.04.20 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2010/03/29 11.25.04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/24 16.39.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Impostazioni locali\Dati applicazioni\Temp
[2010/03/23 10.41.35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Documenti\Video
[2010/03/23 10.33.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Temp
[2009/11/30 16.43.15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2009/11/30 16.43.15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2009/11/30 16.43.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2009/11/15 21.02.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Temp
[2009/10/01 14.03.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Google

========== Files - Modified Within 30 Days ==========

[2010/04/08 09.31.00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A5FC41D6-E6E3-46E6-9BDE-9740941A141F}.job
[2010/04/08 09.30.33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/04/08 09.28.35 | 000,931,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/08 09.28.35 | 000,425,804 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/04/08 09.28.35 | 000,380,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/08 09.28.35 | 000,063,402 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/04/08 09.28.35 | 000,052,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/08 09.24.59 | 000,063,671 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/04/08 09.24.56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 09.24.55 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/08 09.24.42 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 09.24.31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 09.24.29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 09.24.28 | 3220,770,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/07 15.39.00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/07 12.52.54 | 000,000,316 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/07 12.52.21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/07 12.49.39 | 002,621,440 | ---- | M] () -- C:\Documents and Settings\admin\ntuser.dat
[2010/04/07 12.49.38 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/04/07 12.36.59 | 003,908,851 | R--- | M] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2010/04/06 08.05.52 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\dds.scr
[2010/04/01 12.50.00 | 000,069,998 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\bleeping.rar
[2010/04/01 09.03.27 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 07.52.44 | 001,104,874 | -H-- | M] () -- C:\Documents and Settings\admin\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/31 21.39.44 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/31 08.41.43 | 000,000,142 | ---- | M] () -- C:\WINDOWS\ricdb.ini
[2010/03/31 08.41.42 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\RPCS.ini
[2010/03/30 11.35.42 | 035,675,064 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\h87y6u4b.exe
[2010/03/30 11.06.01 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\TFC.exe
[2010/03/30 10.04.41 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/29 15.24.58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15.24.46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/23 13.50.08 | 000,002,529 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Sophos confic-a Cleanup Tool.lnk
[2010/03/23 10.38.30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/23 10.38.16 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\admin\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 13.47.44 | 003,920,384 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\conficker-removal-tool.msi
[2010/03/18 12.41.57 | 000,069,600 | ---- | M] () -- C:\Documents and Settings\admin\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/03/18 12.40.45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\admin\defogger_reenable
[2010/03/18 11.13.34 | 019,982,392 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\epson12178.exe
[2010/03/12 18.02.38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2010/04/08 09.24.26 | 3220,770,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/07 12.38.01 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/07 12.38.01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/07 12.38.01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/07 12.38.01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/07 12.38.01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/07 12.36.59 | 003,908,851 | R--- | C] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2010/04/06 12.06.13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\dds.scr
[2010/04/01 12.50.00 | 000,069,998 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\bleeping.rar
[2010/04/01 09.03.27 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 11.05.50 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/03/31 11.05.47 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/03/31 11.05.41 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/03/31 10.57.17 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/03/31 10.57.14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/03/31 10.57.10 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/03/31 10.57.10 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/03/31 10.55.47 | 000,044,361 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/03/31 10.53.47 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/03/31 10.52.31 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/03/31 10.52.29 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/03/31 10.51.34 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/03/31 10.50.08 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/03/31 10.50.05 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/03/31 10.50.01 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/03/31 10.49.57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/03/31 10.49.54 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/03/31 10.49.42 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/03/31 10.47.41 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/03/31 10.47.40 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/03/31 10.47.39 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/03/31 10.47.37 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/03/31 10.46.10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/03/31 10.46.09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/03/31 10.46.09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/03/31 10.46.09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/03/31 10.46.08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/03/31 10.46.08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/03/31 10.46.08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/03/31 10.46.07 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/03/31 10.46.07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/03/31 10.46.07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/03/31 10.46.06 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/03/31 10.46.06 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/03/31 10.46.06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/03/31 10.46.06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/03/31 10.46.05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/03/31 10.46.05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/03/31 10.46.05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/03/31 10.46.05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/03/31 10.46.04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/03/31 10.46.04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/03/31 10.46.04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/03/31 10.46.04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/03/31 10.46.04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/03/31 10.46.03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/03/31 10.46.03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/03/31 10.46.03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/03/31 10.46.03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/03/31 10.46.02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/03/31 10.46.02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/03/31 10.46.02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/03/31 10.46.02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/03/31 10.46.01 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/03/31 10.46.01 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/03/31 10.46.01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/03/31 10.46.01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/03/31 10.46.00 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/03/31 10.46.00 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/03/31 10.46.00 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/03/31 10.45.59 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/03/31 10.45.59 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/03/31 10.45.59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/03/31 10.45.58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/03/31 10.45.58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/03/31 10.45.58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/03/31 10.45.58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/03/31 10.45.57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/03/31 10.45.57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/03/31 10.45.57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/03/31 10.45.57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/03/31 10.45.57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/03/31 10.45.56 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/03/31 10.45.56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/03/31 10.45.56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/03/31 10.45.55 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/03/31 10.45.55 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/03/31 10.45.55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/03/31 10.45.55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/03/31 10.45.54 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/03/31 10.45.42 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/03/31 10.45.41 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/03/31 10.45.30 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/03/31 10.45.29 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/03/31 10.45.29 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/03/31 10.45.28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/03/31 10.45.26 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/03/31 10.45.25 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/03/31 10.45.25 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/03/31 10.45.25 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/03/31 10.45.23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/03/31 10.45.20 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/03/30 11.35.40 | 035,675,064 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\h87y6u4b.exe
[2010/03/30 10.04.41 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/26 15.31.31 | 002,621,440 | ---- | C] () -- C:\Documents and Settings\admin\ntuser.dat
[2010/03/23 13.13.38 | 003,920,384 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\conficker-removal-tool.msi
[2010/03/23 13.13.18 | 000,002,529 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Sophos confic-a Cleanup Tool.lnk
[2010/03/23 10.38.15 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\admin\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 12.40.45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\defogger_reenable
[2010/03/18 11.13.34 | 019,982,392 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\epson12178.exe
[2010/01/25 13.23.51 | 000,000,349 | ---- | C] () -- C:\WINDOWS\modelcheck.INI
[2009/11/30 12.25.51 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\admin\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/11/30 12.25.47 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\admin\ntuser.dat.LOG
[2009/11/30 12.25.47 | 000,000,194 | -HS- | C] () -- C:\Documents and Settings\admin\ntuser.ini
[2009/09/15 16.35.58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2009/09/01 16.17.39 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/11/07 18.11.59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 08.33.12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/24 17.52.10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\drivers\shfldol.sys
[2007/02/15 09.04.45 | 000,004,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\RSKEY.SYS
[2006/11/20 09.17.42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/11/20 09.17.42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/07/03 08.48.27 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2006/07/03 08.47.56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\qxdaedrs.dll
[2006/07/03 08.47.55 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2006/07/03 08.47.55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2006/07/03 08.47.55 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2006/07/03 08.47.55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2006/07/03 08.47.55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2006/07/03 08.47.55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2006/07/03 08.47.55 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2006/07/03 08.47.55 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2006/06/30 16.54.34 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/30 15.49.10 | 000,000,054 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2006/06/30 14.00.40 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2006/06/30 07.52.54 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/06/30 07.52.54 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/06/16 15.20.13 | 000,007,421 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/16 15.19.50 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/16 15.19.50 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/16 15.19.50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/16 15.19.48 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/16 15.19.48 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/16 15.19.47 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/16 06.44.05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/16 06.36.54 | 000,000,772 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/16 06.35.09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/09/05 09.59.50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/09/05 09.58.04 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/19 03.00.00 | 000,049,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\stream.sys
[2002/10/06 20.42.57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 01.04.25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/05 01.04.24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 01.04.17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/16 01.38.40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 15.19.00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002/04/19 16.23.26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 15.51.04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2002/02/21 18.41.20 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/06/22 13.06.02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
[2001/02/06 17.18.22 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
< End of report >



OTL Extras logfile created on: 08/04/2010 9.31.14 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 29,29 Gb Total Space | 3,90 Gb Free Space | 13,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 39,07 Gb Total Space | 6,10 Gb Free Space | 15,61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 391,70 Gb Total Space | 221,92 Gb Free Space | 56,66% Space Free | Partition Type: NTFS

Computer Name: FERRI
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programmi\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programmi\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programmi\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1051:TCP" = 1051:TCP:*:Disabled:ycwirzc
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\ARCO\ARCO2000.EXE" = C:\ARCO\ARCO2000.EXE:*:Enabled:Applicativi per Ricambisti Concessionari e Officine -- (SoftWay S.R.L.)
"C:\Programmi\proeWildfire 3.0\i486_nt\nms\nmsd.exe" = C:\Programmi\proeWildfire 3.0\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programmi\proeWildfire 3.0\i486_nt\obj\pro_comm_msg.exe" = C:\Programmi\proeWildfire 3.0\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programmi\proeWildfire 3.0\i486_nt\obj\xtop.exe" = C:\Programmi\proeWildfire 3.0\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\orbixd.exe" = C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd -- ()
"C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CNEXT.exe" = C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CNEXT.exe:*:Enabled:CATIA -- (Dassault Systemes)
"C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CATELFSlaveProcess.exe" = C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CATELFSlaveProcess.exe:*:Disabled:CATElfiniSolver -- (Dassault Systemes)
"C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CATSysDemon.exe" = C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CATSysDemon.exe:*:Disabled:System -- (Dassault Systemes)
"C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CATUTIL.exe" = C:\Programmi\Dassault Systemes\B19\intel_a\code\bin\CATUTIL.exe:*:Enabled:V5 Batch Management -- (Dassault Systemes)
"C:\ARCO\DELPHI\UPDCATA.EXE" = C:\ARCO\DELPHI\UPDCATA.EXE:*:Disabled:Applicativi per Ricambisti Concessionari e Officine -- (SoftWay S.R.L.)
"C:\Programmi\proeWildfire 3.0\bin\proe.exe" = C:\Programmi\proeWildfire 3.0\bin\proe.exe:*:Disabled:Pro/ENGINEER -- (PTC)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08B8D81C-5A0E-11D3-8A60-00805F9BD2E6}" = Microsoft Project 2000 SR-1
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{11439F51-B8D2-4736-9CDF-8889FEBE1040}" = Nero 7 Premium
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2c557f98-ef74-4a1e-a856-9df2f633b41f}" = Sophos confic-a Cleanup Tool
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5783F2D7-0201-0410-0002-0060B0CE6BBA}" = AutoCAD 2004
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{808E5AB1-E98F-4362-AB10-B5B69CB2301C}" = HP Workstation User Guides
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90280410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-1040-7D00-7760-000000000003}" = Adobe Acrobat 8 Professional - Italiano, Español, Nederlands
"{AC76BA86-7AD7-1040-7B44-A91000000001}" = Adobe Reader 9.1.1 - Italiano
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AFF8387B-A958-48F8-9E1C-2E9485A1985A}" = Retrospect 7.0
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B8A921B4-570C-4256-9029-35BC991344C2}" = HP Performance Tuning Framework
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E6C48B74-26ED-4EF8-A04C-42AFDE5E1CA3}" = Intel® PRO Network Connections
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E752A4-F328-11D6-B4DA-0004ACD34C71}" = License Use Management Runtime
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 8 Professional - Italiano, Español, Nederlands" = Adobe Acrobat 8.1.7 Professional
"Adobe Acrobat 8 Professional - Italiano, Español, Nederlands_817" = Adobe Acrobat 8.1.7 - CPSID_50029
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CdaC13Ba" = SafeCast Shared Components
"ClientAccessExpress" = IBM iSeries Access per Windows
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pacchetto driver Windows - Nokia Modem (06/01/2009 4.1)
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pacchetto driver Windows - Nokia Modem (06/01/2009 7.01.0.3)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lotus Notes" = Lotus Notes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Nero Sipps!UninstallKey" = Nero Sipps
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Pro/ENGINEER Release Wildfire 3.0 Datecode M180" = Pro/ENGINEER Release Wildfire 3.0 Datecode M180
"Rhinoceros 2.0" = Rhinoceros 2.0
"Software Setup" = Software Setup
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"VirtualCloneDrive" = VirtualCloneDrive
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XviD_is1" = XviD MPEG-4 Video Codec
"YASA MP4 Video Converter v3.2 (build 0051)" = YASA MP4 Video Converter v3.2 (build 0051)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/04/2010 5.27.29 | Computer Name = FERRI | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x8007054b) Il dominio specificato non esiste
o è impossibile contattarlo. . Impossibile eseguire la registrazione.

Error - 06/04/2010 2.27.52 | Computer Name = FERRI | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x8007054b) Il dominio specificato non esiste
o è impossibile contattarlo. . Impossibile eseguire la registrazione.

Error - 06/04/2010 6.02.39 | Computer Name = FERRI | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x8007054b) Il dominio specificato non esiste
o è impossibile contattarlo. . Impossibile eseguire la registrazione.

Error - 06/04/2010 6.51.23 | Computer Name = FERRI | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x8007054b) Il dominio specificato non esiste
o è impossibile contattarlo. . Impossibile eseguire la registrazione.

Error - 06/04/2010 11.48.05 | Computer Name = FERRI | Source = Userenv | ID = 1007
Description = Impossibile determinare il sito associato per questo computer. (Memoria
insufficiente nel server per eseguire il comando. ). Elaborazione dei Criteri di
gruppo interrotta.

Error - 06/04/2010 12.22.14 | Computer Name = FERRI | Source = Userenv | ID = 1007
Description = Impossibile determinare il sito associato per questo computer. (Memoria
insufficiente nel server per eseguire il comando. ). Elaborazione dei Criteri di
gruppo interrotta.

Error - 06/04/2010 13.32.05 | Computer Name = FERRI | Source = Userenv | ID = 1007
Description = Impossibile determinare il sito associato per questo computer. (Memoria
insufficiente nel server per eseguire il comando. ). Elaborazione dei Criteri di
gruppo interrotta.

Error - 07/04/2010 5.58.51 | Computer Name = FERRI | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x8007054b) Il dominio specificato non esiste
o è impossibile contattarlo. . Impossibile eseguire la registrazione.

Error - 07/04/2010 6.52.04 | Computer Name = FERRI | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x8007054b) Il dominio specificato non esiste
o è impossibile contattarlo. . Impossibile eseguire la registrazione.

Error - 08/04/2010 3.24.40 | Computer Name = FERRI | Source = AutoEnrollment | ID = 15
Description = La registrazione automatica certificati per Sistema locale non è riuscita
a contattare un server di elenchi (0x8007054b) Il dominio specificato non esiste
o è impossibile contattarlo. . Impossibile eseguire la registrazione.

[ System Events ]
Error - 08/04/2010 1.57.38 | Computer Name = FERRI | Source = Service Control Manager | ID = 7001
Description = Il servizio Servizi IPSEC dipende dal servizio Driver IPSEC che non
è stato avviato per il seguente errore: %%31

Error - 08/04/2010 1.57.38 | Computer Name = FERRI | Source = Service Control Manager | ID = 7026
Description = All'avvio non stato possibile caricare i seguenti driver: AFD avgio
avipbb
ElbyCDIO
Fips
intelppm
IPSec
LUMDriver
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
RSKEY
SASDIFSV
SASKUTIL
ssmdrv
Tcpip

Error - 08/04/2010 2.49.04 | Computer Name = FERRI | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 08/04/2010 2.49.10 | Computer Name = FERRI | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 08/04/2010 2.49.25 | Computer Name = FERRI | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 08/04/2010 2.49.35 | Computer Name = FERRI | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 08/04/2010 2.49.35 | Computer Name = FERRI | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 08/04/2010 3.22.27 | Computer Name = FERRI | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 08/04/2010 3.24.40 | Computer Name = FERRI | Source = W32Time | ID = 39452700
Description = Il time provider NtpClient configurato per acquisire l'ora da una
o pi origini dell'ora, ma nessuna origine dell'ora era accessibile. NtpClient non
dispone di alcuna origine di ora esatta.

Error - 08/04/2010 3.25.32 | Computer Name = FERRI | Source = System Error | ID = 1003
Description = Codice errore 000000f4, parametro1 00000003, parametro2 fc65bda0,
parametro3 fc65bf14, parametro4 e0cbc066.


< End of report >


#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:44 AM

Posted 08 April 2010 - 04:04 AM

Hi ivantnt,



QUOTE
The problem anyway is that, after I made all you requested me, I continue to get message error from windows when I use some program

Yes, you had a rootkit onboard. The error message is normal. After nuking it, everything should be fine.

QUOTE
Sorry, I make more than one post because if I put all logs in this post the system tells me "the post is too long please reduce it"

That's ok. You may use multiple posts if needed.

Step1
  1. Close any open browsers
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
CODE
http://www.bleepingcomputer.com/forums/t/306337/gmer-tell-im-infected-by-rootkit/?p=1705234

Collect::
c:\windows\system32\oladobmo.dll

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acrwwv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aogclghkt]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aoqjz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bbczlcol]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

NetSvc::
bbczlcol
aogclghkt
acrwwv
aoqjz

Driver::
bbczlcol
aogclghkt
acrwwv
aoqjz


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Step2


Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 19 (JDK or JRE)".
  3. Click the "Download JRE" button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Click on the link to download Windows Offline Installation and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update:

    J2SE Runtime Environment 5.0

  12. Click the Remove or Change/Remove button.
  13. Repeat as many times as necessary to remove each Java version.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  16. After that, please clear your java cache as instructed in this thread.


Step3

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4

Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  4. It will be Downloading and installing the program and Updating the database.
  5. When Updating the database has finished, click on Settings.
  6. Make sure all boxes are checked, then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  11. Please post the contents in your next reply.
  12. You can refer to this animation

Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



Please post back the logs in your next reply.


1.Combofix log
2.Kas Online Scan Report


Tell me if you have any remaining issues on your pc.


#8 ivantnt

ivantnt
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 12 April 2010 - 05:11 AM

Hi sundavis, here are the logs from combofix and Kaspersky.

So in your opinion the pc was infected by conficker/kido?

Now in the pc everything appears to go well.

Thanks really very much, I will let you know if remaining issues appear in the next days.

Bye
Ivan




#9 sundavis


Posted 12 April 2010 - 06:37 AM

Hi ivantnt,




Step1
  1. Please download Flash_Disinfector and save it to your desktop.
  2. Double click to run it.
  3. You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well.
  4. Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  5. When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  6. Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.



Step2
  1. Close any open browsers
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
CODE
File::
Z:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Z:\autorun.inf

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##nethservice#admin]


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next reply, please post back:

1.ComboFix log

Let me know if you have any remaining concerns on your pc.
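
An added illustration, not part of sundavis's post and not ComboFix's own logic: the File:: entries above pair a root-level autorun.inf with a file under RECYCLER. This Python example parses autorun.inf text and flags launch commands that point into a RECYCLER folder, noting when the folder name is not a user account SID. The sample text, the function names and the assumption that the autorun.inf launches the RECYCLER file are constructed for the example.

```python
import re

# On NTFS volumes under Windows XP, each RECYCLER subfolder is named after a
# user account SID, and those always look like S-1-5-21-<a>-<b>-<c>-<rid>.
USER_SID = re.compile(r"^S-1-5-21(-\d+){3}-\d+$", re.IGNORECASE)
# Folder and file name that follow a RECYCLER path component in a command.
RECYCLER_REF = re.compile(r'RECYCLER\\([^\\\s,"]+)\\([^\s,"]+)', re.IGNORECASE)
LAUNCH_KEYS = {"open", "shellexecute"}


def autorun_commands(text):
    """Return the launch commands from the [autorun] section of autorun.inf text."""
    commands, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # junk, comments and other sections are ignored
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append(value.strip())
    return commands


def findings(text):
    """Return (file, folder, folder_is_user_sid) for every launch into RECYCLER."""
    hits = []
    for command in autorun_commands(text):
        for folder, target in RECYCLER_REF.findall(command):
            hits.append((target, folder, bool(USER_SID.match(folder))))
    return hits


# Constructed sample: only the RECYCLER path is taken from the CFScript above.
SAMPLE = r"""
xq3 padding line that is not valid INI
[AutoRun]
Action=Open folder to view files
Open=RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
[other]
open=setup.exe
"""

if __name__ == "__main__":
    for target, folder, sid_ok in findings(SAMPLE):
        note = "" if sid_ok else " (folder name is not a user SID)"
        print(f"autorun.inf launches {target} from RECYCLER\\{folder}{note}")
```
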


#10 ivantnt

ivantnt
  • Topic Starter


Posted 14 April 2010 - 02:10 AM

Hi sundavis, here is the combofix's log.

Now everything appears to go well.

Do you think I'm cleaned?

Thanks very much for your help




#11 sundavis


Posted 14 April 2010 - 03:13 AM

Hi ivantnt,



Your system appears clean now. If you have no remaining concerns on your pc, let's do some tidy up and you should be good to go.


Step1

Click START then RUN
Now copy/paste ComboFix /Uninstall in the runbox and click OK.
Note the space between the X and the /Uninstall, it needs to be there.



This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step2

Start OTL from your desktop.
  1. Double click OTL and let it run
  2. Then Click the Cleanup button.
  3. You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  4. Restart your computer when prompted.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  2. Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  3. Back up your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: Here and Here.


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!



#12 sundavis


Posted 17 April 2010 - 07:59 PM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.



