
XP doesn't start after virus infection! stuck at black screen


  • This topic is locked
38 replies to this topic

#1 3m4


Posted 08 September 2010 - 08:28 AM

Hi guys, I need help immediately, if you can. I summarize here what's happened: yesterday my computer got infected by a fake antivirus, Avira has been closed and Internet Explorer didn't connect any more, so I used Combofix, but when the PC restarted Windows gave me the error: isapnp.sys missing or damaged. I extracted this file from the XP CD and put it in the right place and now the error is gone, but there's only a black screen after the BIOS and bootloader. Same for safe mode: it loads some files and then gets stuck and black. Tried a lot of things: fixboot, fixmbr, system restore offline, repaired Windows installation, tried to restore the registry manually, chkdsk /r, tried to see if there were 0 KB files in system32/drivers, but there weren't (on the web some people solved it by deleting fake .sys drivers).
With the Puppy Linux live CD I can see everything and access the files, so I don't think it's a hardware-related problem.

I don't know what more to do. Could it be a strong virus in the MBR? But with fixmbr it should have been fixed, shouldn't it?
Please help, give me hints, I don't want to back up everything and format.

Edited by 3m4, 08 September 2010 - 08:29 AM.



 


#2 Elise


Posted 12 September 2010 - 05:59 AM

Hello and sorry for the delay.

Let's try to boot your computer using a Boot CD.

Please print this guide for future reference!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe
  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
      • Enter the path to the drive where your XP CD is located.
      • You can click on the "..." button on the right to navigate to the path as well.
    • Custom: (include files and folders from this directory)
      • No information is necessary, leave blank.
    • Output:
      • Keep the default
  • Media output
    • Choose Create ISO image
    • Do not choose Burn to CD/DVD
  • Download the RunScanner plugin and save it to your desktop

    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder where it should be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface
  • Press the Add button and navigate to the location of the RunScanner plugin to install
  • Please note: If you are using a Windows XP disc with SP2 then highlight "RpsSS needs to launch DComLaunch" and then press Enable
  • When you're done press Close and the PE Builder interface will re-appear
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768
    Next choose....
    • Go
    • Programs
    • A43 File Management Utility

==========

In A43 File Management you should see your flash drive.
Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.bat.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!
  • Push
  • A report will open named "OTL.txt" and another will be minimized to the system tray named "Extra.txt". Save both logs to your flash drive. Copy and paste them in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 3m4


Posted 12 September 2010 - 08:08 AM

Nice to hear from someone!
I must confess that I've also started another topic HERE

http://www.bleepingcomputer.com/forums/topic346781.html

about the same problem, because I thought this one had been ignored! Sorry for the trouble, don't target me as a spammer, ehehe.

There I have posted more detailed and updated information, so if you can, please also read it and tell me if we should continue there.

In the meantime I'll do exactly what you asked. Thanks in advance for your time.

EDIT> I "had" Windows XP Home SP3 but I think now it's reverted back to SP2 as I have run the repair installation. The XP CD is SP2 of course.

Edited by 3m4, 12 September 2010 - 08:10 AM.


#4 Elise


Posted 12 September 2010 - 08:35 AM

Hi, the service pack on the CD doesn't matter to create the PE CD.

To avoid confusion, I'm closing your other topic.

regards, Elise


#5 3m4


Posted 12 September 2010 - 08:52 AM

No problem, Elise, thanks.

OK, executed what you said, now I have the two logs, here they are as you required, copied and pasted:


OTL logfile created on: 12/09/10 3.41.20 - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 339,00 Mb Available Physical Memory | 66,00% Memory free
479,00 Mb Paging File | 410,00 Mb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 700 700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 54,89 Gb Total Space | 8,31 Gb Free Space | 15,14% Space Free | Partition Type: NTFS
Drive D: | 983,70 Mb Total Space | 982,61 Mb Free Space | 99,89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 156,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet005

========== Win32 Services (All) ==========

SRV - File not found [Disabled] -- -- (Utilità di pianificazione di LiveUpdate automatico)
SRV - File not found [Auto] -- C:\Programmi\MozyHome\mozybackup.exe -- (mozybackup)
SRV - [2010/07/03 11.39.35 | 000,136,176 | ---- | M] (Google Inc.) [Auto] -- C:\Programmi\Google\Update\GoogleUpdate.exe -- (gupdate) Servizio di Google Update (gupdate)
SRV - [2010/06/14 13.07.14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/27 09.44.26 | 001,565,960 | ---- | M] (Raxco Software, Inc.) [Auto] -- C:\Programmi\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2010/05/27 09.44.16 | 001,471,752 | ---- | M] (Raxco Software, Inc.) [On_Demand] -- C:\Programmi\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2010/05/10 19.01.51 | 002,478,640 | ---- | M] () [On_Demand] -- c:\Programmi\File comuni\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010/04/08 07.14.22 | 000,632,792 | ---- | M] (PC Tools) [On_Demand] -- C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/01/05 13.29.02 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/11 03.17.35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled] -- C:\Programmi\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/21 09.03.54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 20.12.00 | 000,434,945 | ---- | M] (Avira GmbH) [Auto] -- C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2009/07/13 20.12.00 | 000,194,817 | ---- | M] (Avira GmbH) [Auto] -- C:\Programmi\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2009/07/13 20.12.00 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/19 13.40.17 | 000,077,944 | ---- | M] (Autodesk) [On_Demand] -- C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/01/21 00.04.00 | 000,618,944 | ---- | M] (Acronis) [On_Demand] -- C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/07/29 20.10.04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18.24.50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18.16.38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10.17.02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10.16.40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 02.14.24 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 02.14.19 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 02.14.13 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 02.14.12 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 02.13.57 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 02.13.57 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 02.13.55 | 000,296,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 02.13.55 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 02.13.49 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 02.13.49 | 000,293,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 02.13.49 | 000,194,560 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 02.13.49 | 000,038,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 02.13.41 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 02.13.39 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 02.13.38 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/08 07.56.30 | 000,800,040 | ---- | M] (Nero AG) [On_Demand] -- C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2008/01/22 09.13.26 | 000,275,752 | ---- | M] (Nero AG) [Disabled] -- C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/01/18 23.37.14 | 000,055,296 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/12/19 08.30.26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [On_Demand] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/02 20.56.50 | 000,918,528 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Programmi\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/06/01 15.22.00 | 000,155,715 | ---- | M] (NVIDIA Corporation) [On_Demand] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/05/24 18.31.06 | 000,372,736 | ---- | M] () [On_Demand] -- C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2005/04/27 12.59.24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programmi\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/08/19 12.00.00 | 000,437,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/19 12.00.00 | 000,395,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) RPC (Remote Procedure Call)
SRV - [2004/08/19 12.00.00 | 000,395,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2004/08/19 12.00.00 | 000,359,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2004/08/19 12.00.00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Acquisizione di immagini di Windows (WIA)
SRV - [2004/08/19 12.00.00 | 000,332,288 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall / Condivisione connessione Internet (ICS)
SRV - [2004/08/19 12.00.00 | 000,293,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/19 12.00.00 | 000,247,296 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) NLA (Network Location Awareness)
SRV - [2004/08/19 12.00.00 | 000,246,272 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2004/08/19 12.00.00 | 000,243,200 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2004/08/19 12.00.00 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/19 12.00.00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2004/08/19 12.00.00 | 000,185,344 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2004/08/19 12.00.00 | 000,176,640 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2004/08/19 12.00.00 | 000,174,080 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2004/08/19 12.00.00 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/19 12.00.00 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2004/08/19 12.00.00 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2004/08/19 12.00.00 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2004/08/19 12.00.00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2004/08/19 12.00.00 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2004/08/19 12.00.00 | 000,129,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2004/08/19 12.00.00 | 000,113,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/19 12.00.00 | 000,113,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/19 12.00.00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2004/08/19 12.00.00 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2004/08/19 12.00.00 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2004/08/19 12.00.00 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2004/08/19 12.00.00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2004/08/19 12.00.00 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/19 12.00.00 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2004/08/19 12.00.00 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2004/08/19 12.00.00 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/08/19 12.00.00 | 000,077,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2004/08/19 12.00.00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/19 12.00.00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - [2004/08/19 12.00.00 | 000,071,680 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2004/08/19 12.00.00 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2004/08/19 12.00.00 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2004/08/19 12.00.00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2004/08/19 12.00.00 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2004/08/19 12.00.00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2004/08/19 12.00.00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2004/08/19 12.00.00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/19 12.00.00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/19 12.00.00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2004/08/19 12.00.00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004/08/19 12.00.00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2004/08/19 12.00.00 | 000,024,064 | ---- | M] (Microsoft Corp.) [On_Demand] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/19 12.00.00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2004/08/19 12.00.00 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/19 12.00.00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2004/08/19 12.00.00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2004/08/19 12.00.00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/19 12.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\svchost.exe -- (usprserv)
SRV - [2004/08/19 12.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\svchost.exe -- (HidServ)
SRV - [2004/08/19 12.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt)
SRV - [2004/08/19 12.00.00 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (SamSs) Gestione account di protezione (SAM)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2004/08/19 12.00.00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2004/08/19 12.00.00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/19 12.00.00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva332.sys -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\sis7012.sys -- (SiS7012) Service for AC'97 Sample Driver (WDM)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [File_System | System] -- C:\WINDOWS\System32\DRIVERS\mozy.sys -- (mozyFilter)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\5.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\FileObjInfo.sys -- (FileObjInfo)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilDrv10720)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand] -- -- (ausdflrb)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/07/03 16.16.42 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/03 16.16.42 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/07/03 16.16.42 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Programmi\SUPERAntiSpyware\sasenum.sys -- (SASENUM)
DRV - [2010/04/07 04.22.06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/03/09 02.52.44 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Programmi\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/26 20.32.58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 20.32.46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 12.32.44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 12.32.44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 12.21.22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 12.21.22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/01/08 21.20.16 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (Pcouffin)
DRV - [2009/12/31 16.50.03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/10 18.44.28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/14 16.35.16 | 000,444,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2009/07/14 04.12.00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/02 01.59.26 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/03/30 08.33.10 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 10.35.09 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/22 02.59.30 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2008/11/22 02.59.30 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/22 02.59.14 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/09/25 16.35.24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008/09/04 04.28.22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 04.27.54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 04.27.28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/28 21.45.58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008/08/26 08.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/30 09.53.52 | 000,017,920 | ---- | M] (SAMSUNG Electronics Co.,Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssusbdownload.sys -- (SSUSBDownload)
DRV - [2008/06/13 04.30.28 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 10.14.46 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\RDPWD.sys -- (RDPWD)
DRV - [2008/04/14 10.14.46 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\TDTCP.sys -- (TDTCP)
DRV - [2008/04/14 10.14.44 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 10.14.44 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\TDPIPE.sys -- (TDPIPE)
DRV - [2008/04/14 09.56.02 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/14 09.49.26 | 000,058,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/14 02.45.06 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 18.54.28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 18.45.32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
DRV - [2008/04/13 18.45.00 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 18.36.40 | 000,046,464 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/04/13 18.32.58 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/01/19 05.53.06 | 000,083,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wudfrd.sys -- (WudfRd)
DRV - [2008/01/19 05.52.52 | 000,077,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2007/10/24 14.39.36 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidswvd.sys -- (HIDSwvd)
DRV - [2007/10/10 16.07.40 | 000,004,484 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2007/10/05 15.18.04 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/06/01 00.43.20 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tvichw32.sys -- (TVICHW32)
DRV - [2007/05/02 14.32.34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007/05/02 14.31.54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007/05/02 14.31.54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007/05/02 14.31.54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2007/03/25 22.45.52 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/10/19 02.00.00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/06/09 20.58.22 | 001,373,120 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2006/06/01 15.22.00 | 003,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/04/23 03.34.34 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/02/14 23.02.56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/10/31 21.44.39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Programmi\TGTSoft\StyleXP\stylexphelper.exe -- (StyleXPHelper)
DRV - [2004/08/19 12.00.00 | 000,800,256 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/19 12.00.00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/19 12.00.00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/19 12.00.00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/19 12.00.00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/19 12.00.00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/19 12.00.00 | 000,188,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/19 12.00.00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/19 12.00.00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/19 12.00.00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/19 12.00.00 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/19 12.00.00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/19 12.00.00 | 000,154,240 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/19 12.00.00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/19 12.00.00 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/19 12.00.00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/19 12.00.00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/19 12.00.00 | 000,125,824 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/19 12.00.00 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/19 12.00.00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2004/08/19 12.00.00 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/19 12.00.00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/19 12.00.00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/19 12.00.00 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/19 12.00.00 | 000,080,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/19 12.00.00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/19 12.00.00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/19 12.00.00 | 000,068,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/19 12.00.00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/19 12.00.00 | 000,066,176 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/19 12.00.00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/19 12.00.00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/19 12.00.00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/19 12.00.00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/19 12.00.00 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2004/08/19 12.00.00 | 000,053,632 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/19 12.00.00 | 000,053,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/19 12.00.00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/19 12.00.00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/19 12.00.00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/19 12.00.00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr) Gestore installazione (Mounting)
DRV - [2004/08/19 12.00.00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/19 12.00.00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/19 12.00.00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2004/08/19 12.00.00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/19 12.00.00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/19 12.00.00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2004/08/19 12.00.00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/19 12.00.00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2004/08/19 12.00.00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/08/19 12.00.00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/19 12.00.00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/19 12.00.00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/19 12.00.00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/19 12.00.00 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/19 12.00.00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/19 12.00.00 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2004/08/19 12.00.00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/19 12.00.00 | 000,027,440 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/19 12.00.00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/19 12.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/19 12.00.00 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2004/08/19 12.00.00 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2004/08/19 12.00.00 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/19 12.00.00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/19 12.00.00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/19 12.00.00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/19 12.00.00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/19 12.00.00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/19 12.00.00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/19 12.00.00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/19 12.00.00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/19 12.00.00 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/19 12.00.00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/19 12.00.00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/19 12.00.00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/19 12.00.00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/08/19 12.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/19 12.00.00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/19 12.00.00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/19 12.00.00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/19 12.00.00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004/08/19 12.00.00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/19 12.00.00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2004/08/19 12.00.00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/19 12.00.00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/19 12.00.00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/19 12.00.00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/19 12.00.00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2004/08/19 12.00.00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2004/08/19 12.00.00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/19 12.00.00 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2004/08/19 12.00.00 | 000,006,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/19 12.00.00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/19 12.00.00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/19 12.00.00 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2004/08/19 12.00.00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2004/08/19 12.00.00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/19 12.00.00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/19 12.00.00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/19 12.00.00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/19 12.00.00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/19 12.00.00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/19 12.00.00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2004/08/04 06.31.36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/03 22.41.56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP)
DRV - [2004/08/03 22.41.56 | 000,011,868 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/08/03 22.41.50 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf)
DRV - [2004/08/03 22.41.48 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2)
DRV - [2003/07/18 15.58.20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/03/25 23.50.46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)
DRV - [2002/10/17 15.14.46 | 000,049,024 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 23.19.08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2001/08/30 13.54.58 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/18 04.56.16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvu1.sys -- (SONYPVU1) Driver filtro USB Sony (SONYPVU1)
DRV - [2001/08/17 21.59.44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 9F 58 26 0D 7F CA 01 [binary data]
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta, = http://astalavista.box.sk/cgi-bin/robot?srch=%s
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta, = +
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,# = %23
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,& = %26
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,? = %3F
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,+ = %2B
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,= = %3D
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs, = http://www.thebugs.ws/search.php?id=644&q=%s
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs, = +
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,# = %23
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,& = %26
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,? = %3F
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,+ = %2B
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,= = %3D
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy, = http://anonym.to/?http://%s
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy, = +
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,# = %23
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,& = %26
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,? = %3F
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,+ = %2B
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,= = %3D
IE - HKU\famigliadd_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\famigliadd_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\famigliadd_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage


IE - HKU\x_convertire_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\x_convertire_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\x_convertire_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\x_convertire_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2008/11/22 16.25.31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/07 17.33.15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programmi\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/06/27 19.33.57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/08/27 09.32.45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/07/04 17.41.15 | 000,000,000 | ---D | M]

[2010/07/07 18.02.57 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/06/27 19.12.49 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/22 11.25.42 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/22 15.34.18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/05/15 17.02.29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/08 16.06.48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/22 11.38.08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/06/27 19.12.29 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/27 19.12.29 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll
[2008/08/22 12.37.38 | 000,163,840 | ---- | M] (The Nielsen Company) -- C:\Programmi\Mozilla Firefox\components\nsgkff30_meter2.dll
[2009/10/11 03.17.27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll
[2010/07/04 17.40.26 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/02/06 10.44.28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/06/27 19.12.39 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll
[2008/06/15 13.39.21 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/06/15 13.40.03 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
[2008/06/15 13.38.21 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
[2010/06/27 19.12.42 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/22 11.53.55 | 000,001,412 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\demauro.xml
[2010/06/27 19.12.42 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/06/27 19.12.42 | 000,002,371 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml
[2010/06/27 19.12.42 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/06/27 19.12.42 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/06/27 19.12.42 | 000,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/08/30 14.57.41 | 000,000,048 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 rad.msn.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\famigliadd_ON_C\..\Toolbar\ShellBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\famigliadd_ON_C\..\Toolbar\ShellBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\famigliadd_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\famigliadd_ON_C\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\famigliadd_ON_C\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\famigliadd_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\famigliadd_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\System32\ieframe.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DrvIcon] C:\Programmi\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [TrayFactory] C:\Programmi\PS Tray Factory\PSTrayFactory.exe (PS Soft Lab)
O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\famigliadd_ON_C..\Run: [glasstoast] C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\glasstoast\glasstoast.exe (Andreas Verhoeven)
O4 - HKU\famigliadd_ON_C..\Run: [Glonim] C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\Glonim\Glonim.exe (Gregory Maynard-Hoare)
O4 - HKU\famigliadd_ON_C..\Run: [LClock] C:\Programmi\LClock\LClock.exe ()
O4 - HKU\famigliadd_ON_C..\Run: [RocketDock] C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - HKU\famigliadd_ON_C..\Run: [Softany Monitor Control] C:\Programmi\Softany\Monitor Control\MonitorControl.exe ()
O4 - HKU\famigliadd_ON_C..\Run: [wlcwlcwlcw.exe] C:\wlcwlcwlcw.exe\wlcwlcwlcw.exe File not found
O4 - HKU\x_convertire_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\x_convertire_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [PSTF] C:\Programmi\PS Tray Factory\PSTrayFactory.exe (PS Soft Lab)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\RunOnce: [PackNoVs] C:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe (Home)
O4 - Startup: C:\Documents and Settings\famigliadd\Menu Avvio\Programmi\Esecuzione automatica\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\famigliadd\Menu Avvio\Programmi\Esecuzione automatica\UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = C:\WINDOWS\Resources\Themes\Inspirat2\Inspirat2.msstyles (Microsoft)
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\x_convertire_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/ocis/SiSAutodetectNT.cab (SiS_OCX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1167738108437 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (LogonUI.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Programmi\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Programmi\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/02 14.04.58 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/10 15.25.43 | 003,925,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/09/07 23.34.02 | 000,000,000 | ---D | C] -- C:\quarant
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/09/07 14.23.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings
[2010/09/07 14.23.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings
[2010/09/07 14.23.31 | 000,000,000 | ---D | C] -- C:\Programmi\Syncplicity
[2010/09/07 14.23.21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/09/07 14.23.04 | 000,000,000 | -H-D | C] -- C:\ErdUndoCache
[2010/09/06 19.23.55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/06 19.22.14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/06 18.46.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Impostazioni locali\Dati applicazioni\Windows Server
[2010/09/06 18.46.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Dati applicazioni\2B0366BB8C3FA4E8DCA4667FFDBBF280
[2010/09/06 18.46.01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/09/06 15.48.17 | 000,037,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys
[2010/09/06 15.48.17 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/09/06 15.48.17 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbsermpt.sys
[2010/09/06 15.48.17 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/09/06 15.48.17 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/09/06 15.48.17 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/09/06 15.48.17 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/09/06 15.48.17 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/09/06 15.48.17 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/09/06 15.48.17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/09/06 15.48.17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/09/06 15.48.16 | 000,971,552 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm174.sys
[2010/09/06 15.48.16 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/09/06 15.48.16 | 000,540,000 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010/09/06 15.48.16 | 000,368,544 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2010/09/06 15.48.16 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys.old
[2010/09/06 15.48.16 | 000,044,704 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2010/09/06 15.48.16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/06 15.48.16 | 000,017,920 | ---- | C] (SAMSUNG Electronics Co.,Ltd.) -- C:\WINDOWS\System32\drivers\ssusbdownload.sys
[2010/09/06 15.48.15 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/09/06 15.48.15 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/09/06 15.48.15 | 000,134,272 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snman380.sys
[2010/09/06 15.48.15 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/09/06 15.48.15 | 000,129,248 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010/09/06 15.48.15 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/09/06 15.48.15 | 000,049,024 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\sisidex.sys
[2010/09/06 15.48.15 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/09/06 15.48.15 | 000,036,992 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\SISAGPX.SYS
[2010/09/06 15.48.15 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnicxp.sys
[2010/09/06 15.48.15 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnic.sys
[2010/09/06 15.48.15 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/09/06 15.48.15 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/09/06 15.48.15 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/09/06 15.48.15 | 000,009,472 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\drivers\sisperf.sys
[2010/09/06 15.48.15 | 000,004,096 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\drivers\siside.sys
[2010/09/06 15.48.15 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/09/06 15.48.14 | 000,032,377 | ---- | C] (B-phreaks) -- C:\WINDOWS\System32\drivers\prodigy.sys
[2010/09/06 15.48.14 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/09/06 15.48.13 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/09/06 15.48.13 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/09/06 15.48.13 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/09/06 15.48.13 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010/09/06 15.48.13 | 000,135,680 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdsa.sys
[2010/09/06 15.48.13 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/09/06 15.48.13 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/09/06 15.48.13 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdsacm.sys
[2010/09/06 15.48.13 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdsacj.sys
[2010/09/06 15.48.13 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdsac.sys
[2010/09/06 15.48.13 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010/09/06 15.48.12 | 000,132,904 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
[2010/09/06 15.48.12 | 000,051,072 | ---- | C] (Stephan Schreiber) -- C:\WINDOWS\System32\drivers\ifsmount.sys
[2010/09/06 15.48.12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/06 15.48.12 | 000,029,184 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010/09/06 15.48.12 | 000,024,832 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2010/09/06 15.48.12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/06 15.48.12 | 000,019,968 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2010/09/06 15.48.12 | 000,013,056 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2010/09/06 15.48.12 | 000,011,304 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2010/09/06 15.48.11 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/09/06 15.48.11 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gckernel.sys
[2010/09/06 15.48.11 | 000,025,544 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2010/09/06 15.48.11 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidswvd.sys
[2010/09/06 15.48.04 | 000,181,120 | ---- | C] (Stephan Schreiber) -- C:\WINDOWS\System32\drivers\ext2fs.sys
[2010/09/06 15.48.04 | 000,135,184 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys
[2010/09/06 15.48.04 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/09/06 15.48.04 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/09/06 15.48.04 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/09/06 15.48.03 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/09/06 15.48.03 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/09/06 15.48.03 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/09/06 15.48.03 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/06 15.48.03 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/09/06 15.48.03 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/09/06 15.48.03 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/09/06 15.48.03 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/09/06 15.48.03 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/09/06 15.48.03 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/09/06 15.48.03 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/09/06 15.48.03 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/06 15.48.03 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/09/06 15.48.03 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/09/06 15.48.03 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/09/06 15.48.03 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/09/06 15.48.03 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/09/06 15.48.03 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/09/06 15.48.03 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/09/06 15.48.03 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/09/06 15.48.03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/06 15.48.03 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/09/06 15.48.03 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/09/06 15.48.03 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/09/06 15.48.03 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/09/06 15.48.03 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/09/06 15.48.03 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/09/06 15.48.03 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/09/06 15.48.03 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/09/06 15.48.03 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/09/06 15.48.03 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/09/06 15.48.02 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/09/06 15.48.02 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/09/06 15.48.02 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/09/06 15.48.02 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/09/06 15.48.02 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/09/06 15.48.02 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/09/06 15.48.02 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/09/06 15.48.02 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/09/06 11.23.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Desktop\nvxj
[2010/09/04 18.01.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Desktop\ggggg
[2010/09/02 17.30.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Impostazioni locali\Dati applicazioni\Syncplicity
[2010/09/02 17.12.17 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2010/09/02 17.12.15 | 000,135,168 | ---- | C] (Pro-Softnet Corporation) -- C:\WINDOWS\System32\LogMail.dll
[2010/09/02 17.12.13 | 000,086,016 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBwinUtil.ocx
[2010/09/02 17.12.12 | 000,143,360 | ---- | C] (Herman & Associates) -- C:\WINDOWS\System32\HLButton.ocx
[2010/09/02 17.12.12 | 000,028,672 | ---- | C] (Checks Unlimited) -- C:\WINDOWS\System32\Disable_X.ocx
[2010/09/02 17.12.12 | 000,024,576 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBcalendarser.ocx
[2010/09/02 17.12.12 | 000,000,000 | ---D | C] -- C:\Programmi\IDrive
[2010/09/02 15.38.50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/02 14.31.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Dati applicazioni\Dropbox
[2010/09/02 13.54.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Dati applicazioni\SpiderOak
[2010/09/02 13.54.24 | 000,000,000 | ---D | C] -- C:\Programmi\SpiderOak
[2010/01/08 21.20.17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\famigliadd\Dati applicazioni\pcouffin.sys
[2008/06/10 12.08.57 | 001,570,816 | ---- | C] (Toshiba Samsung Storage Technology Coporation) -- C:\Documents and Settings\famigliadd\Dati applicazioni\tsdnwin.dll
[2007/10/10 19.09.49 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmmdm.sys
[2007/10/10 19.09.49 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmserd.sys
[2007/10/10 19.09.49 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmbus.sys
[2007/10/10 19.09.49 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmmdfl.sys
[2007/10/10 19.09.49 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmcmnt.sys
[2007/10/10 19.09.49 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmwhnt.sys
[2007/10/10 19.09.49 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmcr.sys
[2007/03/25 14.45.52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\famigliadd\usbsermptxp.sys
[2007/03/25 14.45.52 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\famigliadd\usbsermpt.sys
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/09 10.33.37 | 000,000,315 | RHS- | M] () -- C:\boot.ini
[2010/09/08 20.49.03 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2010/09/08 20.37.05 | 003,840,563 | ---- | M] () -- C:\ComboFix.exe
[2010/09/08 20.32.54 | 000,293,376 | ---- | M] () -- C:\3q9jpprk.exe
[2010/09/08 19.41.12 | 000,000,318 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/09/08 19.41.09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 19.16.04 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/09/08 12.23.26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/08 12.23.26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/06 19.24.24 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2010/09/06 19.24.24 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/09/06 19.24.14 | 025,427,968 | ---- | M] () -- C:\Documents and Settings\famigliadd\ntuser.dat
[2010/09/06 19.24.14 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\famigliadd\ntuser.ini
[2010/09/06 18.58.01 | 003,839,056 | R--- | M] () -- C:\Documents and Settings\famigliadd\Desktop\ComboFix.exe
[2010/09/06 13.05.33 | 000,025,308 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\davide.jpg
[2010/09/06 08.56.04 | 734,349,312 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\I.Love.Radio.Rock.2009.iTALiAN.LiMITED.DVDRip.WarezConnect.tk.CD2.avi
[2010/09/05 19.32.55 | 733,638,656 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\I.Love.Radio.Rock.2009.iTALiAN.LiMITED.DVDRip.WarezConnect.tk.CD1.avi
[2010/09/05 18.05.23 | 001,175,052 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/05 18.05.23 | 000,516,090 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/09/05 18.05.23 | 000,465,764 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/05 18.05.23 | 000,096,384 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/09/05 18.05.23 | 000,080,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/05 12.21.28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/04 17.56.36 | 001,091,678 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\attachment.php
[2010/09/03 11.34.54 | 033,890,197 | ---- | M] () -- C:\BN68-02656B-00L04-0302.pdf
[2010/09/02 20.23.07 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/02 15.38.52 | 000,868,352 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/02 15.38.51 | 000,987,136 | ---- | M] () -- C:\Documents and Settings\x convertire\ntuser.dat
[2010/09/02 10.20.14 | 000,003,361 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\Fine.htm
[2010/09/01 18.15.13 | 000,000,292 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2010/09/01 11.59.29 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/31 15.33.55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/20 17.18.13 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\Nuovo Documento di Microsoft Word.doc
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/12 05.34.23 | 000,001,709 | ---- | C] () -- C:\pciide.rar
[2010/09/10 15.21.41 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfS2.cty
[2010/09/10 15.21.41 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/09/10 15.21.41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\smrv.sys
[2010/09/10 15.21.41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\nfecokd.sys
[2010/09/10 15.21.41 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2010/09/08 20.49.03 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2010/09/08 20.35.44 | 003,840,563 | ---- | C] () -- C:\ComboFix.exe
[2010/09/08 20.32.54 | 000,293,376 | ---- | C] () -- C:\3q9jpprk.exe
[2010/09/08 20.30.47 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/09/08 12.23.26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/09/08 12.23.26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/09/07 10.02.45 | 000,000,315 | RHS- | C] () -- C:\boot.ini
[2010/09/06 18.55.23 | 003,839,056 | R--- | C] () -- C:\Documents and Settings\famigliadd\Desktop\ComboFix.exe
[2010/09/06 15.48.13 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/09/06 15.48.11 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2010/09/06 13.01.50 | 000,025,308 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\davide.jpg
[2010/09/06 08.32.13 | 734,349,312 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\I.Love.Radio.Rock.2009.iTALiAN.LiMITED.DVDRip.WarezConnect.tk.CD2.avi
[2010/09/05 19.12.37 | 733,638,656 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\I.Love.Radio.Rock.2009.iTALiAN.LiMITED.DVDRip.WarezConnect.tk.CD1.avi
[2010/09/04 17.54.45 | 001,091,678 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\attachment.php
[2010/09/03 11.32.53 | 033,890,197 | ---- | C] () -- C:\BN68-02656B-00L04-0302.pdf
[2010/09/02 17.12.14 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/09/02 17.12.13 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\rootcert.pem
[2010/09/02 17.12.12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\IBColIml.ocx
[2010/09/02 10.20.14 | 000,003,361 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\Fine.htm
[2010/08/20 17.18.13 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\Nuovo Documento di Microsoft Word.doc
[2010/01/23 19.55.57 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\famigliadd\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 18.30.32 | 025,427,968 | ---- | C] () -- C:\Documents and Settings\famigliadd\ntuser.dat
[2010/01/08 21.21.35 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\vso_ts_preview.xml
[2010/01/08 21.20.45 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\pcouffin.log
[2010/01/08 21.20.17 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\inst.exe
[2010/01/08 21.20.17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\pcouffin.cat
[2010/01/08 21.20.17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\pcouffin.inf
[2010/01/05 14.14.44 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\SamsungLiveUpdateConfig.ini
[2009/12/14 14.01.46 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\streamrai.ini
[2009/09/19 13.30.51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\sign.ini
[2009/05/29 17.34.40 | 000,987,136 | ---- | C] () -- C:\Documents and Settings\x convertire\s-1-5-21-117609710-1547161642-839522115-1007.rrr
[2009/05/29 17.33.51 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2009/05/27 16.11.08 | 000,868,352 | ---- | C] () -- C:\Documents and Settings\Administrator\s-1-5-21-117609710-1547161642-839522115-500.rrr
[2009/05/20 13.00.51 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2009/05/03 12.17.37 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009/04/02 18.52.10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SCRNCAM.ini
[2009/01/06 13.45.46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\x convertire\S-1-5-21-117609710-1547161642-839522115-1007.rrr.LOG
[2008/12/06 17.37.13 | 000,000,194 | -HS- | C] () -- C:\Documents and Settings\x convertire\ntuser.ini
[2008/12/06 17.37.09 | 000,987,136 | ---- | C] () -- C:\Documents and Settings\x convertire\ntuser.dat
[2008/12/06 17.37.09 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\x convertire\NTUSER.DAT.LOG
[2008/09/17 10.36.22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 10.36.20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 10.36.20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 10.36.20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/06/18 20.36.17 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\S-1-5-21-117609710-1547161642-839522115-500.rrr.LOG
[2008/06/18 20.36.17 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\famigliadd\S-1-5-21-117609710-1547161642-839522115-1004.rrr.LOG
[2008/06/18 20.36.17 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\NetworkService\S-1-5-20.rrr.LOG
[2008/06/18 20.36.17 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\S-1-5-19.rrr.LOG
[2008/06/06 19.00.03 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\famigliadd\PUTTY.RND
[2008/06/06 11.29.17 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\wfxhelp22.dll
[2008/05/06 12.34.30 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\famigliadd\_PersonalityVert2.WB4
[2008/05/06 12.34.30 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\famigliadd\_PersonalityVert1.WB4
[2008/05/06 12.34.30 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\famigliadd\_PersonalityHorz2.WB4
[2008/05/06 12.34.30 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\famigliadd\_PersonalityHorz1.WB4
[2008/05/06 12.34.28 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\famigliadd\_BLOCK.WB4
[2008/03/31 12.04.33 | 024,379,392 | ---- | C] () -- C:\Documents and Settings\famigliadd\ntuser.dat.rmbak
[2008/03/20 13.49.20 | 000,003,406 | ---- | C] () -- C:\Documents and Settings\famigliadd\uninstall.txt
[2008/03/09 17.14.57 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\avetoasts.ini
[2008/03/04 13.19.18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\windowfx3.ini
[2008/02/19 18.25.51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/19 14.12.59 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\famigliadd\screenSaver.tra
[2008/02/19 14.12.59 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\sound.tra
[2008/02/19 14.12.59 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\nFrame.tra
[2008/02/19 14.12.59 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\JkmFile.tra
[2008/02/19 14.12.59 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\files.tra
[2008/02/14 12.27.47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/02/13 15.09.27 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\famigliadd\.rnd
[2008/01/03 20.29.38 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2007/12/02 18.13.48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2007/11/21 18.49.00 | 000,000,081 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/10/23 14.04.02 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007/10/10 19.09.49 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\famigliadd\MCCI_MDM.INF
[2007/10/10 19.09.49 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\famigliadd\MCCI_BUS.INF
[2007/10/10 19.09.49 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\famigliadd\MCCI_SDM.INF
[2007/10/10 19.09.48 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043387-(null)
[2007/10/10 19.09.48 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043388-(null)
[2007/10/10 19.08.29 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\famigliadd\USB_MOT_BRIT.INF
[2007/10/10 19.08.29 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\famigliadd\USB_MOT_A1000.INF
[2007/10/10 19.08.25 | 000,014,310 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem12.PNF
[2007/10/10 19.08.25 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem13.PNF
[2007/10/10 19.08.25 | 000,012,562 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem14.PNF
[2007/10/10 19.08.25 | 000,007,195 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem12.inf
[2007/10/10 19.08.25 | 000,005,891 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem14.inf
[2007/10/10 19.08.25 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem13.inf
[2007/09/25 12.34.24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/09/10 13.15.25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\famigliadd\config.ini
[2007/07/04 17.07.43 | 000,000,194 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2007/07/04 17.07.41 | 000,868,352 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2007/07/04 17.07.41 | 000,356,352 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2007/06/23 13.06.46 | 000,004,096 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2007/06/23 13.06.45 | 000,008,350 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2007/06/23 13.06.45 | 000,007,876 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2007/03/25 14.45.52 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\famigliadd\USBMOT2000.INF
[2007/03/25 14.45.52 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\famigliadd\USBMOT2000XP.INF
[2007/03/25 14.45.52 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\famigliadd\USB_CMCS_2000.INF
[2007/03/25 14.45.38 | 000,049,642 | ---- | C] () -- C:\Documents and Settings\famigliadd\Motorola_Driver_Log.txt
[2007/03/05 11.34.28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll.bak
[2007/03/05 11.34.28 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/02/25 19.48.43 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2007/02/18 13.37.43 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/18 18.16.38 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\famigliadd\default.pls
[2007/01/05 17.05.16 | 000,001,491 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/03 20.36.06 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/01 22.53.33 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/01/01 22.53.33 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/01/01 22.53.33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2007/01/01 22.53.29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/01/01 22.53.10 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2007/01/01 22.47.08 | 000,000,306 | -HS- | C] () -- C:\Documents and Settings\famigliadd\ntuser.ini
[2007/01/01 22.47.07 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\famigliadd\NTUSER.DAT.LOG
[2007/01/01 22.44.21 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/01/01 22.44.21 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/01/01 22.44.13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2007/01/01 22.44.13 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/01/01 22.44.12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.rmbak
[2007/01/01 22.44.12 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2006/06/01 15.22.00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 15.22.00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 15.22.00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 15.22.00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 15.22.00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 15.22.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/01 15.22.00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/24 03.01.20 | 000,004,296 | ---- | C] () -- C:\WINDOWS\pp21cn.dll
[2004/08/19 12.00.00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/19 12.00.00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/06/29 12.47.28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2003/08/01 09.38.00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/04/01 10.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/02/18 23.26.28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1996/04/03 19.33.26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >



OTL Extras logfile created on: 12/09/10 3.41.20 - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 339,00 Mb Available Physical Memory | 66,00% Memory free
479,00 Mb Paging File | 410,00 Mb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 700 700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 54,89 Gb Total Space | 8,31 Gb Free Space | 15,14% Space Free | Partition Type: NTFS
Drive D: | 983,70 Mb Total Space | 982,61 Mb Free Space | 99,89% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 156,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet005

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL File not found
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Programmi\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Programmi\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l File not found
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programmi\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\File comuni\Ahead\Nero Web\SetupX.exe" = C:\Programmi\File comuni\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Programmi\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe" = C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe:*:Enabled:agent -- (Macrovision Corporation)
"C:\Programmi\File comuni\InstallShield\UpdateService\ISDM.exe" = C:\Programmi\File comuni\InstallShield\UpdateService\ISDM.exe:*:Enabled:ISDM -- (Macrovision Corporation)
"C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" = C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe:*:Enabled:issch -- (Macrovision Corporation)
"C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\utorrent.exe" = C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\utorrent.exe:*:Enabled:utorrent -- (BitTorrent, Inc.)
"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:java -- (Sun Microsystems, Inc.)
"C:\Programmi\Java\jre6\bin\javaw.exe" = C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programmi\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:JDownloader -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\JDownloader 0.6.193\JDownloader 0.6.193\JDownloader.exe" = C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\JDownloader 0.6.193\JDownloader 0.6.193\JDownloader.exe:*:Enabled:JDownloader -- (AppWork UG (haftungsbeschränkt))
"C:\Programmi\Java\jre6\bin\java.exe" = C:\Programmi\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programmi\TeamViewer\Version5\TeamViewer.exe" = C:\Programmi\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Documents and Settings\famigliadd\Documenti\ANGI\FLJ\FinaLongju2\FinaLongju2\Server1Ch2.exe" = C:\Documents and Settings\famigliadd\Documenti\ANGI\FLJ\FinaLongju2\FinaLongju2\Server1Ch2.exe:*:Enabled:Server1Ch2 -- File not found
"C:\Documents and Settings\famigliadd\Documenti\ANGI\FLJ\FinaLongju2\FinaLongju2\Server1Ch1.exe" = C:\Documents and Settings\famigliadd\Documenti\ANGI\FLJ\FinaLongju2\FinaLongju2\Server1Ch1.exe:*:Enabled:Server1Ch1 -- File not found
"C:\Documents and Settings\famigliadd\Documenti\ANGI\FinaLongju2\FinaLongju2\FinaLongju2 Sunrise (Srv1) - CH2.exe" = C:\Documents and Settings\famigliadd\Documenti\ANGI\FinaLongju2\FinaLongju2\FinaLongju2 Sunrise (Srv1) - CH2.exe:*:Enabled:FinaLongju2 Sunrise (Srv1) - CH2 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Modulo di esecuzione DLL come applicazioni -- (Microsoft Corporation)
"C:\Programmi\VideoLAN\VLC\vlc.exe" = C:\Programmi\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\famigliadd\Documenti\ANGI\ProMt2\ProMt2\metin2.exe" = C:\Documents and Settings\famigliadd\Documenti\ANGI\ProMt2\ProMt2\metin2.exe:*:Enabled:metin2 -- ()
"C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programmi\SmartCam\SmartCam.exe" = C:\Programmi\SmartCam\SmartCam.exe:*:Enabled:SmartCam -- File not found
"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\famigliadd\Dati applicazioni\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\famigliadd\Dati applicazioni\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07243840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft - Math
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{09241881-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Encarta 2009 - Premium + Student
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{136BF5F3-F4A1-49C6-A72A-1009AEC7361E}" = LG PC Suite II
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{439800C9-FD42-4EA3-94D2-063DF0926873}" = Match-Up!
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-5001-0410-0002-0060B0CE6BBA}" = AutoCAD 2007 - Italiano
"{5978F151-FB21-4F7A-9409-507558466E58}" = DVD Shrink v3.2
"{59EC5F32-D8D7-3909-B0CB-255AD09F5993}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6A731356-4835-4C6A-B83B-E402191665F8}" = SkinStudio
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Parser MSXML 4.0 SP2 e SDK
"{71CB2612-627C-3D58-8D82-B77444B27B6A}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98EFD8F0-08DE-48DB-B922-A2EBAB711040}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B348E585-E872-41DF-8234-E2D49917CFBB}" = Strumenti e modelli didattici per Microsoft Office
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Home Premium
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeā„¢ 4.2
"{D21B65C4-F7ED-4805-8781-BB835AC85D14}" = Thoosje Quick Xp Optimizer Installer V2
"{D5610601-0161-4E94-AF2D-8C744002CB56}" = UpdateStar
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E6B84761-D63F-2A56-4948-E53F1B6D6EF1}" = MozyHome
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Pacchetto driver Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Pacchetto driver Windows - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Pacchetto driver Windows - Nokia Modem (08/03/2007 6.84.0.2)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Pacchetto driver Windows - Nokia Modem (05/22/2008 7.00.0.1)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira AntiVir Premium
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pacchetto driver Windows - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Pacchetto driver Windows - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Clickie" = Clickie
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Pacchetto driver Windows - Nokia Modem (03/13/2008 6.86.0.1)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Pacchetto driver Windows - Nokia Modem (06/09/2010 7.01.0.7)
"eMule" = eMule
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Un secolo di Aviazione
"flowBubbles screensaver_is1" = flowBubbles screensaver 3.21
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"hp deskjet 970c series" = Disinstallazione di hp deskjet 970c series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"Internet Download Manager" = Internet Download Manager
"LClock" = LClock
"LifeGlobe Goldfish Aquarium 2.0_is1" = LifeGlobe Goldfish Aquarium 2.0
"Living 3D Dolphins Full Screen Saver" = Living 3D Dolphins Full Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyFreeCodec" = MyFreeCodec
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Multimedia Factory{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"PS Tray Factory_is1" = PS Tray Factory 3.2
"QuickSFV" = QuickSFV (Remove only)
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"RocketDock_is1" = RocketDock 1.3.5
"Samsung PC Studio 7" = Samsung PC Studio 7
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SkinStudio" = SkinStudio
"SmartCam" = SmartCam -- Smart Phone Camera
"Softany Monitor Control 2.06_is1" = Softany Monitor Control 2.06
"SpiderOak" = SpiderOak
"StyleXP" = StyleXP (remove only)
"TeamViewer 5" = TeamViewer 5
"UberIcon_is1" = UberIcon 1.0.4
"Unlocker" = Unlocker 1.8.9
"Vista Drive Icon" = Vista Drive Icon 1.4
"VLC media player" = VLC media player 1.1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Script" = Microsoft Windows Script 5.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

< End of report >



Edited by 3m4, 12 September 2010 - 08:55 AM.


#6 Elise


Posted 12 September 2010 - 10:00 AM

Hi, let's first investigate a patched file and see if we can find a valid replacement.

Rerun OTLPE and copy/paste the following text into the "custom scan/fix" field. Click the NONE button (top left corner) and then Run Scan. Post me the resulting log.
CODE
/md5start
gagp30kx.sys
/md5stop

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#7 3m4


Posted 12 September 2010 - 10:34 AM

Here's the result:



OTL logfile created on: 12/09/10 5.28.36 - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 339,00 Mb Available Physical Memory | 66,00% Memory free
479,00 Mb Paging File | 409,00 Mb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 700 700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 54,89 Gb Total Space | 8,31 Gb Free Space | 15,14% Space Free | Partition Type: NTFS
Drive D: | 983,70 Mb Total Space | 982,30 Mb Free Space | 99,86% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 156,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet005

========== Custom Scans ==========



< MD5 for: GAGP30KX.SYS >
[2004/08/19 12.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:gagp30kx.sys
[2008/04/13 18.36.40 | 000,046,464 | ---- | M] () MD5=48466D5995427C51EB56CAFD93FC1F6A -- C:\WINDOWS\system32\drivers\gagp30kx.sys
< End of report >


#8 Elise


Posted 12 September 2010 - 01:25 PM

Please rerun OTLPE and copy/paste the following text into the "custom scan/fix" field. Click Run Fix.

CODE
:files
C:\WINDOWS\Driver Cache\i386\sp2.cab:gagp30kx.sys /e


When done, rerun the custom scan from my previous post and post back with the results.

regards, Elise


#9 3m4


Posted 12 September 2010 - 01:50 PM

Second fixed log for you, I feel you have caught something interesting:



OTL logfile created on: 12/09/10 8.40.56 - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 339,00 Mb Available Physical Memory | 66,00% Memory free
479,00 Mb Paging File | 410,00 Mb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 700 700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 54,89 Gb Total Space | 8,31 Gb Free Space | 15,14% Space Free | Partition Type: NTFS
Drive D: | 983,70 Mb Total Space | 982,28 Mb Free Space | 99,86% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 156,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet005

========== Win32 Services (All) ==========

SRV - File not found [Disabled] -- -- (Utilità di pianificazione di LiveUpdate automatico)
SRV - File not found [Auto] -- C:\Programmi\MozyHome\mozybackup.exe -- (mozybackup)
SRV - [2010/07/03 11.39.35 | 000,136,176 | ---- | M] (Google Inc.) [Auto] -- C:\Programmi\Google\Update\GoogleUpdate.exe -- (gupdate) Servizio di Google Update (gupdate)
SRV - [2010/06/14 13.07.14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/27 09.44.26 | 001,565,960 | ---- | M] (Raxco Software, Inc.) [Auto] -- C:\Programmi\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2010/05/27 09.44.16 | 001,471,752 | ---- | M] (Raxco Software, Inc.) [On_Demand] -- C:\Programmi\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2010/05/10 19.01.51 | 002,478,640 | ---- | M] () [On_Demand] -- c:\Programmi\File comuni\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010/04/08 07.14.22 | 000,632,792 | ---- | M] (PC Tools) [On_Demand] -- C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/01/05 13.29.02 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/11 03.17.35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled] -- C:\Programmi\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/21 09.03.54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 20.12.00 | 000,434,945 | ---- | M] (Avira GmbH) [Auto] -- C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2009/07/13 20.12.00 | 000,194,817 | ---- | M] (Avira GmbH) [Auto] -- C:\Programmi\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2009/07/13 20.12.00 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/19 13.40.17 | 000,077,944 | ---- | M] (Autodesk) [On_Demand] -- C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/01/21 00.04.00 | 000,618,944 | ---- | M] (Acronis) [On_Demand] -- C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/07/29 20.10.04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18.24.50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18.16.38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10.17.02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10.16.40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 02.14.24 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 02.14.19 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 02.14.13 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 02.14.12 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 02.13.57 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 02.13.57 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 02.13.55 | 000,296,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 02.13.55 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 02.13.49 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 02.13.49 | 000,293,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 02.13.49 | 000,194,560 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 02.13.49 | 000,038,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 02.13.41 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 02.13.39 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 02.13.38 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/08 07.56.30 | 000,800,040 | ---- | M] (Nero AG) [On_Demand] -- C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2008/01/22 09.13.26 | 000,275,752 | ---- | M] (Nero AG) [Disabled] -- C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/01/18 23.37.14 | 000,055,296 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/12/19 08.30.26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [On_Demand] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/02 20.56.50 | 000,918,528 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Programmi\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/06/01 15.22.00 | 000,155,715 | ---- | M] (NVIDIA Corporation) [On_Demand] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/05/24 18.31.06 | 000,372,736 | ---- | M] () [On_Demand] -- C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2005/04/27 12.59.24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programmi\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/08/19 12.00.00 | 000,437,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/19 12.00.00 | 000,395,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) RPC (Remote Procedure Call)
SRV - [2004/08/19 12.00.00 | 000,395,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2004/08/19 12.00.00 | 000,359,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2004/08/19 12.00.00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Acquisizione di immagini di Windows (WIA)
SRV - [2004/08/19 12.00.00 | 000,332,288 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall / Condivisione connessione Internet (ICS)
SRV - [2004/08/19 12.00.00 | 000,293,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/19 12.00.00 | 000,247,296 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) NLA (Network Location Awareness)
SRV - [2004/08/19 12.00.00 | 000,246,272 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2004/08/19 12.00.00 | 000,243,200 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2004/08/19 12.00.00 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/19 12.00.00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2004/08/19 12.00.00 | 000,185,344 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2004/08/19 12.00.00 | 000,176,640 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2004/08/19 12.00.00 | 000,174,080 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2004/08/19 12.00.00 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/19 12.00.00 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2004/08/19 12.00.00 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2004/08/19 12.00.00 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2004/08/19 12.00.00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2004/08/19 12.00.00 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2004/08/19 12.00.00 | 000,129,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2004/08/19 12.00.00 | 000,113,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/19 12.00.00 | 000,113,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/19 12.00.00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2004/08/19 12.00.00 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2004/08/19 12.00.00 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2004/08/19 12.00.00 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2004/08/19 12.00.00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2004/08/19 12.00.00 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/19 12.00.00 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2004/08/19 12.00.00 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2004/08/19 12.00.00 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/08/19 12.00.00 | 000,077,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2004/08/19 12.00.00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/19 12.00.00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - [2004/08/19 12.00.00 | 000,071,680 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2004/08/19 12.00.00 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2004/08/19 12.00.00 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2004/08/19 12.00.00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2004/08/19 12.00.00 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2004/08/19 12.00.00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2004/08/19 12.00.00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2004/08/19 12.00.00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/19 12.00.00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/19 12.00.00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2004/08/19 12.00.00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004/08/19 12.00.00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2004/08/19 12.00.00 | 000,024,064 | ---- | M] (Microsoft Corp.) [On_Demand] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/19 12.00.00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2004/08/19 12.00.00 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/19 12.00.00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2004/08/19 12.00.00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2004/08/19 12.00.00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/19 12.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\svchost.exe -- (usprserv)
SRV - [2004/08/19 12.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\svchost.exe -- (HidServ)
SRV - [2004/08/19 12.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt)
SRV - [2004/08/19 12.00.00 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (SamSs) Gestione account di protezione (SAM)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/19 12.00.00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2004/08/19 12.00.00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2004/08/19 12.00.00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/19 12.00.00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva332.sys -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\sis7012.sys -- (SiS7012) Service for AC'97 Sample Driver (WDM)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [File_System | System] -- C:\WINDOWS\System32\DRIVERS\mozy.sys -- (mozyFilter)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\5.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\FileObjInfo.sys -- (FileObjInfo)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilDrv10720)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand] -- -- (ausdflrb)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/07/03 16.16.42 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/03 16.16.42 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/07/03 16.16.42 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Programmi\SUPERAntiSpyware\sasenum.sys -- (SASENUM)
DRV - [2010/04/07 04.22.06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/03/09 02.52.44 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Programmi\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/26 20.32.58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 20.32.46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 12.32.44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 12.32.44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 12.21.22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 12.21.22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/01/08 21.20.16 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (Pcouffin)
DRV - [2009/12/31 16.50.03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/10 18.44.28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/14 16.35.16 | 000,444,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2009/07/14 04.12.00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/02 01.59.26 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/03/30 08.33.10 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 10.35.09 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/22 02.59.30 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2008/11/22 02.59.30 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/22 02.59.14 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/09/25 16.35.24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008/09/04 04.28.22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 04.27.54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 04.27.28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/28 21.45.58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008/08/26 08.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/30 09.53.52 | 000,017,920 | ---- | M] (SAMSUNG Electronics Co.,Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssusbdownload.sys -- (SSUSBDownload)
DRV - [2008/06/13 04.30.28 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 10.14.46 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\RDPWD.sys -- (RDPWD)
DRV - [2008/04/14 10.14.46 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\TDTCP.sys -- (TDTCP)
DRV - [2008/04/14 10.14.44 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 10.14.44 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\TDPIPE.sys -- (TDPIPE)
DRV - [2008/04/14 09.56.02 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/14 09.49.26 | 000,058,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/14 02.45.06 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 18.54.28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 18.45.32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
DRV - [2008/04/13 18.45.00 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 18.36.40 | 000,046,464 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/04/13 18.32.58 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/01/19 05.53.06 | 000,083,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wudfrd.sys -- (WudfRd)
DRV - [2008/01/19 05.52.52 | 000,077,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2007/10/24 14.39.36 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidswvd.sys -- (HIDSwvd)
DRV - [2007/10/10 16.07.40 | 000,004,484 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2007/10/05 15.18.04 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/06/01 00.43.20 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tvichw32.sys -- (TVICHW32)
DRV - [2007/05/02 14.32.34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007/05/02 14.31.54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007/05/02 14.31.54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007/05/02 14.31.54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2007/03/25 22.45.52 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/10/19 02.00.00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/06/09 20.58.22 | 001,373,120 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2006/06/01 15.22.00 | 003,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/04/23 03.34.34 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/02/14 23.02.56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/10/31 21.44.39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Programmi\TGTSoft\StyleXP\stylexphelper.exe -- (StyleXPHelper)
DRV - [2004/08/19 12.00.00 | 000,800,256 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/19 12.00.00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/19 12.00.00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/19 12.00.00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/19 12.00.00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/19 12.00.00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/19 12.00.00 | 000,188,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/19 12.00.00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/19 12.00.00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/19 12.00.00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/19 12.00.00 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/19 12.00.00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/19 12.00.00 | 000,154,240 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/19 12.00.00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/19 12.00.00 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/19 12.00.00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/19 12.00.00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/19 12.00.00 | 000,125,824 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/19 12.00.00 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/19 12.00.00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2004/08/19 12.00.00 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/19 12.00.00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/19 12.00.00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/19 12.00.00 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/19 12.00.00 | 000,080,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/19 12.00.00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/19 12.00.00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/19 12.00.00 | 000,068,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/19 12.00.00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/19 12.00.00 | 000,066,176 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/19 12.00.00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/19 12.00.00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/19 12.00.00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/19 12.00.00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/19 12.00.00 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2004/08/19 12.00.00 | 000,053,632 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/19 12.00.00 | 000,053,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/19 12.00.00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/19 12.00.00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/19 12.00.00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/19 12.00.00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr) Gestore installazione (Mounting)
DRV - [2004/08/19 12.00.00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/19 12.00.00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/19 12.00.00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2004/08/19 12.00.00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/19 12.00.00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/19 12.00.00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2004/08/19 12.00.00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/19 12.00.00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2004/08/19 12.00.00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/08/19 12.00.00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/19 12.00.00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/19 12.00.00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/19 12.00.00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/19 12.00.00 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/19 12.00.00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/19 12.00.00 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2004/08/19 12.00.00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/19 12.00.00 | 000,027,440 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/19 12.00.00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/19 12.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/19 12.00.00 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2004/08/19 12.00.00 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2004/08/19 12.00.00 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/19 12.00.00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/19 12.00.00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/19 12.00.00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/19 12.00.00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/19 12.00.00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/19 12.00.00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/19 12.00.00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/19 12.00.00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/19 12.00.00 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/19 12.00.00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/19 12.00.00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/19 12.00.00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/19 12.00.00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/08/19 12.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/19 12.00.00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/19 12.00.00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/19 12.00.00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/19 12.00.00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004/08/19 12.00.00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/19 12.00.00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2004/08/19 12.00.00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/19 12.00.00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/19 12.00.00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/19 12.00.00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/19 12.00.00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2004/08/19 12.00.00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2004/08/19 12.00.00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/19 12.00.00 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2004/08/19 12.00.00 | 000,006,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/19 12.00.00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/19 12.00.00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/19 12.00.00 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2004/08/19 12.00.00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2004/08/19 12.00.00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/19 12.00.00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/19 12.00.00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/19 12.00.00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/19 12.00.00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/19 12.00.00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/19 12.00.00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2004/08/04 06.31.36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/03 22.41.56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP)
DRV - [2004/08/03 22.41.56 | 000,011,868 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/08/03 22.41.50 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf)
DRV - [2004/08/03 22.41.48 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2)
DRV - [2003/07/18 15.58.20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/03/25 23.50.46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)
DRV - [2002/10/17 15.14.46 | 000,049,024 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 23.19.08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2001/08/30 13.54.58 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/18 04.56.16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvu1.sys -- (SONYPVU1) Driver filtro USB Sony (SONYPVU1)
DRV - [2001/08/17 21.59.44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 9F 58 26 0D 7F CA 01 [binary data]
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta, = http://astalavista.box.sk/cgi-bin/robot?srch=%s
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta, = +
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,# = %23
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,& = %26
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,? = %3F
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,+ = %2B
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\asta,= = %3D
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs, = http://www.thebugs.ws/search.php?id=644&q=%s
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs, = +
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,# = %23
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,& = %26
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,? = %3F
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,+ = %2B
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\bugs,= = %3D
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy, = http://anonym.to/?http://%s
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy, = +
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,# = %23
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,& = %26
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,? = %3F
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,+ = %2B
IE - HKU\famigliadd_ON_C\Software\Microsoft\Internet Explorer\SearchURL\proxy,= = %3D
IE - HKU\famigliadd_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\famigliadd_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\famigliadd_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage


IE - HKU\x_convertire_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\x_convertire_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\x_convertire_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\x_convertire_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2008/11/22 16.25.31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/07 17.33.15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programmi\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/06/27 19.33.57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/08/27 09.32.45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/07/04 17.41.15 | 000,000,000 | ---D | M]

[2010/07/07 18.02.57 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/06/27 19.12.49 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/22 11.25.42 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/22 15.34.18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/05/15 17.02.29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/08 16.06.48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/22 11.38.08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/06/27 19.12.29 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/27 19.12.29 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Programmi\Mozilla Firefox\components\brwsrcmp.dll
[2008/08/22 12.37.38 | 000,163,840 | ---- | M] (The Nielsen Company) -- C:\Programmi\Mozilla Firefox\components\nsgkff30_meter2.dll
[2009/10/11 03.17.27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll
[2010/07/04 17.40.26 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/02/06 10.44.28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/06/27 19.12.39 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programmi\Mozilla Firefox\plugins\npnul32.dll
[2008/06/15 13.39.21 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/16 17.00.00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/06/15 13.40.03 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
[2008/06/15 13.38.21 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
[2010/06/27 19.12.42 | 000,001,534 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/22 11.53.55 | 000,001,412 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\demauro.xml
[2010/06/27 19.12.42 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/06/27 19.12.42 | 000,002,371 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\google.xml
[2010/06/27 19.12.42 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/06/27 19.12.42 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/06/27 19.12.42 | 000,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/08/30 14.57.41 | 000,000,048 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 rad.msn.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\famigliadd_ON_C\..\Toolbar\ShellBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\famigliadd_ON_C\..\Toolbar\ShellBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\famigliadd_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\famigliadd_ON_C\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\famigliadd_ON_C\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\famigliadd_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\famigliadd_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\System32\ieframe.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DrvIcon] C:\Programmi\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [TrayFactory] C:\Programmi\PS Tray Factory\PSTrayFactory.exe (PS Soft Lab)
O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\famigliadd_ON_C..\Run: [glasstoast] C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\glasstoast\glasstoast.exe (Andreas Verhoeven)
O4 - HKU\famigliadd_ON_C..\Run: [Glonim] C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\Glonim\Glonim.exe (Gregory Maynard-Hoare)
O4 - HKU\famigliadd_ON_C..\Run: [LClock] C:\Programmi\LClock\LClock.exe ()
O4 - HKU\famigliadd_ON_C..\Run: [RocketDock] C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - HKU\famigliadd_ON_C..\Run: [Softany Monitor Control] C:\Programmi\Softany\Monitor Control\MonitorControl.exe ()
O4 - HKU\famigliadd_ON_C..\Run: [wlcwlcwlcw.exe] C:\wlcwlcwlcw.exe\wlcwlcwlcw.exe File not found
O4 - HKU\x_convertire_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\x_convertire_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [PSTF] C:\Programmi\PS Tray Factory\PSTrayFactory.exe (PS Soft Lab)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\RunOnce: [PackNoVs] C:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe (Home)
O4 - Startup: C:\Documents and Settings\famigliadd\Menu Avvio\Programmi\Esecuzione automatica\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\famigliadd\Menu Avvio\Programmi\Esecuzione automatica\UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = C:\WINDOWS\Resources\Themes\Inspirat2\Inspirat2.msstyles (Microsoft)
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
O7 - HKU\famigliadd_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\x_convertire_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/ocis/SiSAutodetectNT.cab (SiS_OCX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1167738108437 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (LogonUI.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Programmi\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Programmi\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/02 14.04.58 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/12 20.38.08 | 000,046,464 | ---- | C] (Microsoft Corporation) -- C:\gagp30kx.sys
[2010/09/12 20.38.08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/10 15.25.43 | 003,925,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/09/07 23.34.02 | 000,000,000 | ---D | C] -- C:\quarant
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/09/07 16.37.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/09/07 14.23.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings
[2010/09/07 14.23.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings
[2010/09/07 14.23.31 | 000,000,000 | ---D | C] -- C:\Programmi\Syncplicity
[2010/09/07 14.23.21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/09/07 14.23.04 | 000,000,000 | -H-D | C] -- C:\ErdUndoCache
[2010/09/06 19.23.55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/06 19.22.14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/06 18.46.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Impostazioni locali\Dati applicazioni\Windows Server
[2010/09/06 18.46.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Dati applicazioni\2B0366BB8C3FA4E8DCA4667FFDBBF280
[2010/09/06 18.46.01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/09/06 15.48.17 | 000,037,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys
[2010/09/06 15.48.17 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/09/06 15.48.17 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbsermpt.sys
[2010/09/06 15.48.17 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/09/06 15.48.17 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/09/06 15.48.17 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/09/06 15.48.17 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/09/06 15.48.17 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/09/06 15.48.17 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/09/06 15.48.17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/09/06 15.48.17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/09/06 15.48.16 | 000,971,552 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm174.sys
[2010/09/06 15.48.16 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/09/06 15.48.16 | 000,540,000 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010/09/06 15.48.16 | 000,368,544 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2010/09/06 15.48.16 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys.old
[2010/09/06 15.48.16 | 000,044,704 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2010/09/06 15.48.16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/06 15.48.16 | 000,017,920 | ---- | C] (SAMSUNG Electronics Co.,Ltd.) -- C:\WINDOWS\System32\drivers\ssusbdownload.sys
[2010/09/06 15.48.15 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/09/06 15.48.15 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/09/06 15.48.15 | 000,134,272 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snman380.sys
[2010/09/06 15.48.15 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/09/06 15.48.15 | 000,129,248 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010/09/06 15.48.15 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/09/06 15.48.15 | 000,049,024 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\sisidex.sys
[2010/09/06 15.48.15 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/09/06 15.48.15 | 000,036,992 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\SISAGPX.SYS
[2010/09/06 15.48.15 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnicxp.sys
[2010/09/06 15.48.15 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnic.sys
[2010/09/06 15.48.15 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/09/06 15.48.15 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/09/06 15.48.15 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/09/06 15.48.15 | 000,009,472 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\drivers\sisperf.sys
[2010/09/06 15.48.15 | 000,004,096 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\drivers\siside.sys
[2010/09/06 15.48.15 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/09/06 15.48.14 | 000,032,377 | ---- | C] (B-phreaks) -- C:\WINDOWS\System32\drivers\prodigy.sys
[2010/09/06 15.48.14 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/09/06 15.48.13 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/09/06 15.48.13 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/09/06 15.48.13 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/09/06 15.48.13 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010/09/06 15.48.13 | 000,135,680 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdsa.sys
[2010/09/06 15.48.13 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/09/06 15.48.13 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/09/06 15.48.13 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdsacm.sys
[2010/09/06 15.48.13 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdsacj.sys
[2010/09/06 15.48.13 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdsac.sys
[2010/09/06 15.48.13 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010/09/06 15.48.12 | 000,132,904 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
[2010/09/06 15.48.12 | 000,051,072 | ---- | C] (Stephan Schreiber) -- C:\WINDOWS\System32\drivers\ifsmount.sys
[2010/09/06 15.48.12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/06 15.48.12 | 000,029,184 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010/09/06 15.48.12 | 000,024,832 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2010/09/06 15.48.12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/06 15.48.12 | 000,019,968 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2010/09/06 15.48.12 | 000,013,056 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2010/09/06 15.48.12 | 000,011,304 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2010/09/06 15.48.11 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/09/06 15.48.11 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gckernel.sys
[2010/09/06 15.48.11 | 000,025,544 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2010/09/06 15.48.11 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidswvd.sys
[2010/09/06 15.48.04 | 000,181,120 | ---- | C] (Stephan Schreiber) -- C:\WINDOWS\System32\drivers\ext2fs.sys
[2010/09/06 15.48.04 | 000,135,184 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys
[2010/09/06 15.48.04 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/09/06 15.48.04 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/09/06 15.48.04 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/09/06 15.48.03 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/09/06 15.48.03 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/09/06 15.48.03 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/09/06 15.48.03 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/06 15.48.03 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/09/06 15.48.03 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/09/06 15.48.03 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/09/06 15.48.03 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/09/06 15.48.03 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/09/06 15.48.03 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/09/06 15.48.03 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/09/06 15.48.03 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/06 15.48.03 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/09/06 15.48.03 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/09/06 15.48.03 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/09/06 15.48.03 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/09/06 15.48.03 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/09/06 15.48.03 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/09/06 15.48.03 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/09/06 15.48.03 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/09/06 15.48.03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/06 15.48.03 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/09/06 15.48.03 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/09/06 15.48.03 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/09/06 15.48.03 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/09/06 15.48.03 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/09/06 15.48.03 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/09/06 15.48.03 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/09/06 15.48.03 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/09/06 15.48.03 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/09/06 15.48.03 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/09/06 15.48.02 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/09/06 15.48.02 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/09/06 15.48.02 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/09/06 15.48.02 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/09/06 15.48.02 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/09/06 15.48.02 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/09/06 15.48.02 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/09/06 15.48.02 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/09/06 11.23.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Desktop\nvxj
[2010/09/04 18.01.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Desktop\ggggg
[2010/09/02 17.30.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Impostazioni locali\Dati applicazioni\Syncplicity
[2010/09/02 17.12.17 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2010/09/02 17.12.15 | 000,135,168 | ---- | C] (Pro-Softnet Corporation) -- C:\WINDOWS\System32\LogMail.dll
[2010/09/02 17.12.13 | 000,086,016 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBwinUtil.ocx
[2010/09/02 17.12.12 | 000,143,360 | ---- | C] (Herman & Associates) -- C:\WINDOWS\System32\HLButton.ocx
[2010/09/02 17.12.12 | 000,028,672 | ---- | C] (Checks Unlimited) -- C:\WINDOWS\System32\Disable_X.ocx
[2010/09/02 17.12.12 | 000,024,576 | ---- | C] (Streamnet India) -- C:\WINDOWS\System32\IBcalendarser.ocx
[2010/09/02 17.12.12 | 000,000,000 | ---D | C] -- C:\Programmi\IDrive
[2010/09/02 15.38.50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/02 14.31.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Dati applicazioni\Dropbox
[2010/09/02 13.54.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\famigliadd\Dati applicazioni\SpiderOak
[2010/09/02 13.54.24 | 000,000,000 | ---D | C] -- C:\Programmi\SpiderOak
[2010/01/08 21.20.17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\famigliadd\Dati applicazioni\pcouffin.sys
[2008/06/10 12.08.57 | 001,570,816 | ---- | C] (Toshiba Samsung Storage Technology Coporation) -- C:\Documents and Settings\famigliadd\Dati applicazioni\tsdnwin.dll
[2007/10/10 19.09.49 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmmdm.sys
[2007/10/10 19.09.49 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmserd.sys
[2007/10/10 19.09.49 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmbus.sys
[2007/10/10 19.09.49 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmmdfl.sys
[2007/10/10 19.09.49 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmcmnt.sys
[2007/10/10 19.09.49 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmwhnt.sys
[2007/10/10 19.09.49 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\famigliadd\mqdmcr.sys
[2007/03/25 14.45.52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\famigliadd\usbsermptxp.sys
[2007/03/25 14.45.52 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\famigliadd\usbsermpt.sys
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/12 20.38.27 | 000,868,352 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/09 10.33.37 | 000,000,315 | RHS- | M] () -- C:\boot.ini
[2010/09/08 20.49.03 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2010/09/08 20.37.05 | 003,840,563 | ---- | M] () -- C:\ComboFix.exe
[2010/09/08 20.32.54 | 000,293,376 | ---- | M] () -- C:\3q9jpprk.exe
[2010/09/08 19.41.12 | 000,000,318 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/09/08 19.41.09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 19.16.04 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/09/08 12.23.26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/08 12.23.26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/06 19.24.24 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2010/09/06 19.24.24 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/09/06 19.24.14 | 025,427,968 | ---- | M] () -- C:\Documents and Settings\famigliadd\ntuser.dat
[2010/09/06 19.24.14 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\famigliadd\ntuser.ini
[2010/09/06 18.58.01 | 003,839,056 | R--- | M] () -- C:\Documents and Settings\famigliadd\Desktop\ComboFix.exe
[2010/09/06 13.05.33 | 000,025,308 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\davide.jpg
[2010/09/06 08.56.04 | 734,349,312 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\I.Love.Radio.Rock.2009.iTALiAN.LiMITED.DVDRip.WarezConnect.tk.CD2.avi
[2010/09/05 19.32.55 | 733,638,656 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\I.Love.Radio.Rock.2009.iTALiAN.LiMITED.DVDRip.WarezConnect.tk.CD1.avi
[2010/09/05 18.05.23 | 001,175,052 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/05 18.05.23 | 000,516,090 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/09/05 18.05.23 | 000,465,764 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/05 18.05.23 | 000,096,384 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/09/05 18.05.23 | 000,080,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/05 12.21.28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/04 17.56.36 | 001,091,678 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\attachment.php
[2010/09/03 11.34.54 | 033,890,197 | ---- | M] () -- C:\BN68-02656B-00L04-0302.pdf
[2010/09/02 20.23.07 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/02 15.38.51 | 000,987,136 | ---- | M] () -- C:\Documents and Settings\x convertire\ntuser.dat
[2010/09/02 10.20.14 | 000,003,361 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\Fine.htm
[2010/09/01 18.15.13 | 000,000,292 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2010/09/01 11.59.29 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/31 15.33.55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/20 17.18.13 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\famigliadd\Desktop\Nuovo Documento di Microsoft Word.doc
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/12 05.34.23 | 000,001,709 | ---- | C] () -- C:\pciide.rar
[2010/09/10 15.21.41 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfS2.cty
[2010/09/10 15.21.41 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/09/10 15.21.41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\smrv.sys
[2010/09/10 15.21.41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\nfecokd.sys
[2010/09/10 15.21.41 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2010/09/08 20.49.03 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2010/09/08 20.35.44 | 003,840,563 | ---- | C] () -- C:\ComboFix.exe
[2010/09/08 20.32.54 | 000,293,376 | ---- | C] () -- C:\3q9jpprk.exe
[2010/09/08 20.30.47 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/09/08 12.23.26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/09/08 12.23.26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/09/07 10.02.45 | 000,000,315 | RHS- | C] () -- C:\boot.ini
[2010/09/06 18.55.23 | 003,839,056 | R--- | C] () -- C:\Documents and Settings\famigliadd\Desktop\ComboFix.exe
[2010/09/06 15.48.13 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/09/06 15.48.11 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2010/09/06 13.01.50 | 000,025,308 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\davide.jpg
[2010/09/06 08.32.13 | 734,349,312 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\I.Love.Radio.Rock.2009.iTALiAN.LiMITED.DVDRip.WarezConnect.tk.CD2.avi
[2010/09/05 19.12.37 | 733,638,656 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\I.Love.Radio.Rock.2009.iTALiAN.LiMITED.DVDRip.WarezConnect.tk.CD1.avi
[2010/09/04 17.54.45 | 001,091,678 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\attachment.php
[2010/09/03 11.32.53 | 033,890,197 | ---- | C] () -- C:\BN68-02656B-00L04-0302.pdf
[2010/09/02 17.12.14 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/09/02 17.12.13 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\rootcert.pem
[2010/09/02 17.12.12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\IBColIml.ocx
[2010/09/02 10.20.14 | 000,003,361 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\Fine.htm
[2010/08/20 17.18.13 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\famigliadd\Desktop\Nuovo Documento di Microsoft Word.doc
[2010/01/23 19.55.57 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\famigliadd\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 18.30.32 | 025,427,968 | ---- | C] () -- C:\Documents and Settings\famigliadd\ntuser.dat
[2010/01/08 21.21.35 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\vso_ts_preview.xml
[2010/01/08 21.20.45 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\pcouffin.log
[2010/01/08 21.20.17 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\inst.exe
[2010/01/08 21.20.17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\pcouffin.cat
[2010/01/08 21.20.17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\pcouffin.inf
[2010/01/05 14.14.44 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\SamsungLiveUpdateConfig.ini
[2009/12/14 14.01.46 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\streamrai.ini
[2009/09/19 13.30.51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\sign.ini
[2009/05/29 17.34.40 | 000,987,136 | ---- | C] () -- C:\Documents and Settings\x convertire\s-1-5-21-117609710-1547161642-839522115-1007.rrr
[2009/05/29 17.33.51 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2009/05/27 16.11.08 | 000,868,352 | ---- | C] () -- C:\Documents and Settings\Administrator\s-1-5-21-117609710-1547161642-839522115-500.rrr
[2009/05/20 13.00.51 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2009/05/03 12.17.37 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009/04/02 18.52.10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SCRNCAM.ini
[2009/01/06 13.45.46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\x convertire\S-1-5-21-117609710-1547161642-839522115-1007.rrr.LOG
[2008/12/06 17.37.13 | 000,000,194 | -HS- | C] () -- C:\Documents and Settings\x convertire\ntuser.ini
[2008/12/06 17.37.09 | 000,987,136 | ---- | C] () -- C:\Documents and Settings\x convertire\ntuser.dat
[2008/12/06 17.37.09 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\x convertire\NTUSER.DAT.LOG
[2008/09/17 10.36.22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 10.36.20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 10.36.20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 10.36.20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/06/18 20.36.17 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\S-1-5-21-117609710-1547161642-839522115-500.rrr.LOG
[2008/06/18 20.36.17 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\famigliadd\S-1-5-21-117609710-1547161642-839522115-1004.rrr.LOG
[2008/06/18 20.36.17 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\NetworkService\S-1-5-20.rrr.LOG
[2008/06/18 20.36.17 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\S-1-5-19.rrr.LOG
[2008/06/06 19.00.03 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\famigliadd\PUTTY.RND
[2008/06/06 11.29.17 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\wfxhelp22.dll
[2008/05/06 12.34.30 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\famigliadd\_PersonalityVert2.WB4
[2008/05/06 12.34.30 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\famigliadd\_PersonalityVert1.WB4
[2008/05/06 12.34.30 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\famigliadd\_PersonalityHorz2.WB4
[2008/05/06 12.34.30 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\famigliadd\_PersonalityHorz1.WB4
[2008/05/06 12.34.28 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\famigliadd\_BLOCK.WB4
[2008/03/31 12.04.33 | 024,379,392 | ---- | C] () -- C:\Documents and Settings\famigliadd\ntuser.dat.rmbak
[2008/03/20 13.49.20 | 000,003,406 | ---- | C] () -- C:\Documents and Settings\famigliadd\uninstall.txt
[2008/03/09 17.14.57 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\Dati applicazioni\avetoasts.ini
[2008/03/04 13.19.18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\windowfx3.ini
[2008/02/19 18.25.51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/19 14.12.59 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\famigliadd\screenSaver.tra
[2008/02/19 14.12.59 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\sound.tra
[2008/02/19 14.12.59 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\nFrame.tra
[2008/02/19 14.12.59 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\JkmFile.tra
[2008/02/19 14.12.59 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\famigliadd\files.tra
[2008/02/14 12.27.47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/02/13 15.09.27 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\famigliadd\.rnd
[2008/01/03 20.29.38 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2007/12/02 18.13.48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2007/11/21 18.49.00 | 000,000,081 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/10/23 14.04.02 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007/10/10 19.09.49 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\famigliadd\MCCI_MDM.INF
[2007/10/10 19.09.49 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\famigliadd\MCCI_BUS.INF
[2007/10/10 19.09.49 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\famigliadd\MCCI_SDM.INF
[2007/10/10 19.09.48 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043387-(null)
[2007/10/10 19.09.48 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043388-(null)
[2007/10/10 19.08.29 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\famigliadd\USB_MOT_BRIT.INF
[2007/10/10 19.08.29 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\famigliadd\USB_MOT_A1000.INF
[2007/10/10 19.08.25 | 000,014,310 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem12.PNF
[2007/10/10 19.08.25 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem13.PNF
[2007/10/10 19.08.25 | 000,012,562 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem14.PNF
[2007/10/10 19.08.25 | 000,007,195 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem12.inf
[2007/10/10 19.08.25 | 000,005,891 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem14.inf
[2007/10/10 19.08.25 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\famigliadd\1192043305-oem13.inf
[2007/09/25 12.34.24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/09/10 13.15.25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\famigliadd\config.ini
[2007/07/04 17.07.43 | 000,000,194 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2007/07/04 17.07.41 | 000,868,352 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2007/07/04 17.07.41 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2007/06/23 13.06.46 | 000,004,096 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2007/06/23 13.06.45 | 000,008,350 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2007/06/23 13.06.45 | 000,007,876 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2007/03/25 14.45.52 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\famigliadd\USBMOT2000.INF
[2007/03/25 14.45.52 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\famigliadd\USBMOT2000XP.INF
[2007/03/25 14.45.52 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\famigliadd\USB_CMCS_2000.INF
[2007/03/25 14.45.38 | 000,049,642 | ---- | C] () -- C:\Documents and Settings\famigliadd\Motorola_Driver_Log.txt
[2007/03/05 11.34.28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll.bak
[2007/03/05 11.34.28 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/02/25 19.48.43 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2007/02/18 13.37.43 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/18 18.16.38 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\famigliadd\default.pls
[2007/01/05 17.05.16 | 000,001,491 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/03 20.36.06 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/01 22.53.33 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/01/01 22.53.33 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/01/01 22.53.33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2007/01/01 22.53.29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/01/01 22.53.10 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2007/01/01 22.47.08 | 000,000,306 | -HS- | C] () -- C:\Documents and Settings\famigliadd\ntuser.ini
[2007/01/01 22.47.07 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\famigliadd\NTUSER.DAT.LOG
[2007/01/01 22.44.21 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/01/01 22.44.21 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/01/01 22.44.13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2007/01/01 22.44.13 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/01/01 22.44.12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.rmbak
[2007/01/01 22.44.12 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2006/06/01 15.22.00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 15.22.00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 15.22.00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 15.22.00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 15.22.00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 15.22.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/01 15.22.00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/24 03.01.20 | 000,004,296 | ---- | C] () -- C:\WINDOWS\pp21cn.dll
[2004/08/19 12.00.00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/19 12.00.00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/06/29 12.47.28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2003/08/01 09.38.00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/04/01 10.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/02/18 23.26.28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1996/04/03 19.33.26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >



OTL Extras logfile created on: 12/09/10 8.40.56 - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 339,00 Mb Available Physical Memory | 66,00% Memory free
479,00 Mb Paging File | 410,00 Mb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 700 700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 54,89 Gb Total Space | 8,31 Gb Free Space | 15,14% Space Free | Partition Type: NTFS
Drive D: | 983,70 Mb Total Space | 982,28 Mb Free Space | 99,86% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 156,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet005

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL File not found
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Programmi\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Programmi\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l File not found
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programmi\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\File comuni\Ahead\Nero Web\SetupX.exe" = C:\Programmi\File comuni\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Programmi\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe" = C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe:*:Enabled:agent -- (Macrovision Corporation)
"C:\Programmi\File comuni\InstallShield\UpdateService\ISDM.exe" = C:\Programmi\File comuni\InstallShield\UpdateService\ISDM.exe:*:Enabled:ISDM -- (Macrovision Corporation)
"C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" = C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe:*:Enabled:issch -- (Macrovision Corporation)
"C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\utorrent.exe" = C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\utorrent.exe:*:Enabled:utorrent -- (BitTorrent, Inc.)
"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:java -- (Sun Microsystems, Inc.)
"C:\Programmi\Java\jre6\bin\javaw.exe" = C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programmi\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:JDownloader -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\JDownloader 0.6.193\JDownloader 0.6.193\JDownloader.exe" = C:\Documents and Settings\famigliadd\Documenti\Emanuele\altri programmi\JDownloader 0.6.193\JDownloader 0.6.193\JDownloader.exe:*:Enabled:JDownloader -- (AppWork UG (haftungsbeschränkt))
"C:\Programmi\Java\jre6\bin\java.exe" = C:\Programmi\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programmi\TeamViewer\Version5\TeamViewer.exe" = C:\Programmi\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Documents and Settings\famigliadd\Documenti\ANGI\FLJ\FinaLongju2\FinaLongju2\Server1Ch2.exe" = C:\Documents and Settings\famigliadd\Documenti\ANGI\FLJ\FinaLongju2\FinaLongju2\Server1Ch2.exe:*:Enabled:Server1Ch2 -- File not found
"C:\Documents and Settings\famigliadd\Documenti\ANGI\FLJ\FinaLongju2\FinaLongju2\Server1Ch1.exe" = C:\Documents and Settings\famigliadd\Documenti\ANGI\FLJ\FinaLongju2\FinaLongju2\Server1Ch1.exe:*:Enabled:Server1Ch1 -- File not found
"C:\Documents and Settings\famigliadd\Documenti\ANGI\FinaLongju2\FinaLongju2\FinaLongju2 Sunrise (Srv1) - CH2.exe" = C:\Documents and Settings\famigliadd\Documenti\ANGI\FinaLongju2\FinaLongju2\FinaLongju2 Sunrise (Srv1) - CH2.exe:*:Enabled:FinaLongju2 Sunrise (Srv1) - CH2 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Modulo di esecuzione DLL come applicazioni -- (Microsoft Corporation)
"C:\Programmi\VideoLAN\VLC\vlc.exe" = C:\Programmi\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\famigliadd\Documenti\ANGI\ProMt2\ProMt2\metin2.exe" = C:\Documents and Settings\famigliadd\Documenti\ANGI\ProMt2\ProMt2\metin2.exe:*:Enabled:metin2 -- ()
"C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programmi\SmartCam\SmartCam.exe" = C:\Programmi\SmartCam\SmartCam.exe:*:Enabled:SmartCam -- File not found
"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\famigliadd\Dati applicazioni\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\famigliadd\Dati applicazioni\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07243840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft - Math
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{09241881-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Encarta 2009 - Premium + Student
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{136BF5F3-F4A1-49C6-A72A-1009AEC7361E}" = LG PC Suite II
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{439800C9-FD42-4EA3-94D2-063DF0926873}" = Match-Up!
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-5001-0410-0002-0060B0CE6BBA}" = AutoCAD 2007 - Italiano
"{5978F151-FB21-4F7A-9409-507558466E58}" = DVD Shrink v3.2
"{59EC5F32-D8D7-3909-B0CB-255AD09F5993}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6A731356-4835-4C6A-B83B-E402191665F8}" = SkinStudio
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Parser MSXML 4.0 SP2 e SDK
"{71CB2612-627C-3D58-8D82-B77444B27B6A}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98EFD8F0-08DE-48DB-B922-A2EBAB711040}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B348E585-E872-41DF-8234-E2D49917CFBB}" = Strumenti e modelli didattici per Microsoft Office
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Home Premium
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D21B65C4-F7ED-4805-8781-BB835AC85D14}" = Thoosje Quick Xp Optimizer Installer V2
"{D5610601-0161-4E94-AF2D-8C744002CB56}" = UpdateStar
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E6B84761-D63F-2A56-4948-E53F1B6D6EF1}" = MozyHome
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Pacchetto driver Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Pacchetto driver Windows - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Pacchetto driver Windows - Nokia Modem (08/03/2007 6.84.0.2)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Pacchetto driver Windows - Nokia Modem (05/22/2008 7.00.0.1)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira AntiVir Premium
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pacchetto driver Windows - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Pacchetto driver Windows - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Clickie" = Clickie
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Pacchetto driver Windows - Nokia Modem (03/13/2008 6.86.0.1)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Pacchetto driver Windows - Nokia Modem (06/09/2010 7.01.0.7)
"eMule" = eMule
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Un secolo di Aviazione
"flowBubbles screensaver_is1" = flowBubbles screensaver 3.21
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"hp deskjet 970c series" = Disinstallazione di hp deskjet 970c series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"Internet Download Manager" = Internet Download Manager
"LClock" = LClock
"LifeGlobe Goldfish Aquarium 2.0_is1" = LifeGlobe Goldfish Aquarium 2.0
"Living 3D Dolphins Full Screen Saver" = Living 3D Dolphins Full Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyFreeCodec" = MyFreeCodec
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Multimedia Factory{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"PS Tray Factory_is1" = PS Tray Factory 3.2
"QuickSFV" = QuickSFV (Remove only)
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"RocketDock_is1" = RocketDock 1.3.5
"Samsung PC Studio 7" = Samsung PC Studio 7
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SkinStudio" = SkinStudio
"SmartCam" = SmartCam -- Smart Phone Camera
"Softany Monitor Control 2.06_is1" = Softany Monitor Control 2.06
"SpiderOak" = SpiderOak
"StyleXP" = StyleXP (remove only)
"TeamViewer 5" = TeamViewer 5
"UberIcon_is1" = UberIcon 1.0.4
"Unlocker" = Unlocker 1.8.9
"Vista Drive Icon" = Vista Drive Icon 1.4
"VLC media player" = VLC media player 1.1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Script" = Microsoft Windows Script 5.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

< End of report >



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:16 PM

Posted 12 September 2010 - 03:25 PM

I think we have the culprit here yes, which would be a patched file.

Please rerun OTLPE, copy/paste the following text into the "custom scan/fix" field, then click Run Fix. When done, try to reboot normally.
CODE
:files
C:\windows\system32\drivers\gagp30kx.sys|C:\gagp30kx.sys /replace

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#11 3m4

3m4
  • Topic Starter

  • Members
  • 28 posts
  • Local time:10:16 AM

Posted 12 September 2010 - 04:12 PM

That made my system boot up! THANK YOU VERY MUCH! I would never have gotten it with my knowledge... if only I had asked before.....
Now I've experienced two BSODs (one at startup and one when shutting down) but I'm confident and will try to figure this out tomorrow (it's 23.05 here, and I'm a bit tired).
One thing I'd like to know: my system shows SP3 but I'm quite sure that SP3 files have been replaced. Is this normal, could it be a problem? Do you think I should reinstall SP3?

So thank you Elise for your time and this site again.

Please, if you can, keep this thread open because I don't know what's going to happen tomorrow.


#12 Elise


Posted 13 September 2010 - 02:03 AM

Hi, glad to hear that worked.

Let's do some more fixing here and see what needs to be done afterwards. I recommend that you, after running ComboFix, visit Windows Update and install all recommended updates.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


#13 3m4


Posted 13 September 2010 - 08:43 AM

Hi, I was trying to run ComboFix but it has been interrupted 2 times by a BSOD 0x000000f4; I don't know if it is ComboFix itself causing it.

Moreover, I often have a BSOD stop: c000021a 0xc0000005

What can I do now?


#14 Elise


Posted 13 September 2010 - 09:11 AM

Please try to run ComboFix from safe mode. Thank you for mentioning that BSOD; this way I know what to be looking for.

regards, Elise


#15 3m4


Posted 13 September 2010 - 11:21 AM

OK, I'm going to do that.
However, I think that in this case the virus (I think it was the cheerful Security Tool fake antivirus, which infected me the only time I was forced to use Internet Explorer ->> now I know why they say to keep your distance) is not responsible for the BSODs; I think it's all about the messing with the registry, service packs, repair installations (I read somewhere).

Please tell me if this is taking too much of your time, or if you have no problem assisting me again.

When (if) I have the system running fine again, the first thing I'll do will be buying an external HD and backing up the entire Windows partition with one of those light, open-source, free tools that seem so reliable.

I have two questions for you, just out of curiosity: why did the "repair installation" not replace the corrupted driver?
And do you think it was the virus or ComboFix that corrupted it? Sorry if this last one is a stupid question.

Eventually, when I run ComboFix it says that some instances of Avira AntiVir are running and I should close them but... I have just uninstalled Avira completely and rebooted and it keeps saying this. I have also checked the "programs" folder and, in fact, the Avira folder is no longer there.
I'll run it in safe mode ignoring the warnings and will post here.... OK, done:



ComboFix 10-09-12.04 - famigliadd 13/09/2010 18.18.19.4.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1535.1245 [GMT 2:00]

Eseguito da: c:\documents and settings\famigliadd\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {7C925FAC-FBF8-7FFD-302F-2500DCF01200}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C925FAC-DBF8-7FFD-302F-2500DCF01200}

.



((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\documents and settings\famigliadd\Dati applicazioni\inst.exe

c:\documents and settings\famigliadd\Impostazioni locali\Dati applicazioni\Windows Server

c:\documents and settings\famigliadd\Impostazioni locali\Dati applicazioni\Windows Server\admin.txt

c:\documents and settings\famigliadd\Impostazioni locali\Dati applicazioni\Windows Server\server.dat

c:\documents and settings\famigliadd\Modelli\memory.tmp

c:\windows\system32\3f12cb47.dat

c:\windows\system32\kernel1.exe

c:\windows\system32\muzapp.exe



.

((((((((((((((((((((((((( Files Creati Da 2010-08-13 al 2010-09-13 )))))))))))))))))))))))))))))))))))

.



2010-09-13 13:41 . 2010-09-13 13:41 -------- d-----w- c:\documents and settings\famigliadd\WINDOWS

2010-09-13 09:09 . 2004-08-19 12:00 101888 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-09-13 09:08 . 2004-08-19 12:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe

2010-09-13 09:07 . 2004-08-19 12:00 19456 -c--a-w- c:\windows\system32\dllcache\cprofile.exe

2010-09-13 09:06 . 2003-04-14 19:04 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll

2010-09-13 09:04 . 2004-08-19 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2010-09-13 08:54 . 2004-08-19 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-09-13 08:54 . 2004-08-19 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-09-13 08:54 . 2004-08-19 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-09-13 08:54 . 2004-08-19 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2010-09-12 20:38 . 2010-09-12 20:38 -------- d-----w- C:\_OTL

2010-09-12 20:38 . 2004-08-03 23:07 46464 ----a-w- C:\gagp30kx.sys

2010-09-10 20:39 . 2010-09-10 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Modelli

2010-09-10 20:39 . 2010-09-10 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Menu Avvio

2010-09-10 20:39 . 2010-09-13 16:26 -------- d-----w- c:\windows\system32\config\systemprofile\Impostazioni locali

2010-09-10 20:39 . 2010-09-10 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Microsoft

2010-09-10 20:39 . 2010-09-10 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni

2010-09-10 15:25 . 2006-06-01 15:22 3925920 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-09-10 15:21 . 2009-05-27 19:15 61440 ----a-w- c:\windows\system32\drivers\smrv.sys

2010-09-10 15:21 . 2009-05-27 11:17 61440 ----a-w- c:\windows\system32\drivers\nfecokd.sys

2010-09-10 15:21 . 2007-10-10 16:07 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys

2010-09-08 20:49 . 2010-09-08 20:49 80384 ----a-w- C:\MBRCheck.exe

2010-09-08 20:35 . 2010-09-08 20:37 3840563 ----a-w- C:\ComboFix.exe

2010-09-08 20:32 . 2010-09-08 20:32 293376 ----a-w- C:\3q9jpprk.exe

2010-09-08 20:30 . 2010-09-08 19:16 77312 ----a-w- C:\mbr.exe

2010-09-07 23:34 . 2010-09-08 15:03 -------- d---a-w- C:\quarant

2010-09-07 14:23 . 2010-09-07 14:30 -------- d-----w- c:\programmi\Syncplicity

2010-09-06 18:46 . 2010-09-06 18:46 -------- d-----w- c:\documents and settings\famigliadd\Dati applicazioni\2B0366BB8C3FA4E8DCA4667FFDBBF280

2010-09-06 18:46 . 2010-09-06 18:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-09-02 17:12 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll

2010-09-02 17:12 . 2004-11-01 10:26 135168 ----a-w- c:\windows\system32\LogMail.dll

2010-09-02 17:12 . 2005-05-04 07:02 55808 ----a-w- c:\windows\system32\zlib1.dll

2010-09-02 17:12 . 2010-09-02 17:22 -------- d-----w- c:\programmi\IDrive

2010-09-02 14:31 . 2010-09-02 20:20 -------- d-----w- c:\documents and settings\famigliadd\Dati applicazioni\Dropbox

2010-09-02 13:54 . 2010-09-02 19:53 -------- d-----w- c:\documents and settings\famigliadd\Dati applicazioni\SpiderOak

2010-09-02 13:54 . 2010-09-02 13:54 -------- d-----w- c:\programmi\SpiderOak



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-13 16:22 . 2008-03-17 13:00 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-13 13:14 . 2009-04-12 15:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira

2010-09-13 10:01 . 2004-08-19 12:00 516666 ----a-w- c:\windows\system32\perfh010.dat

2010-09-13 10:01 . 2004-08-19 12:00 96716 ----a-w- c:\windows\system32\perfc010.dat

2010-09-13 09:56 . 2010-07-04 14:21 -------- d-----w- c:\programmi\Raxco

2010-09-13 09:03 . 2007-01-01 22:38 22980 -c--a-w- c:\windows\system32\emptyregdb.dat

2010-09-06 18:47 . 2008-05-28 19:40 -------- d-----w- c:\programmi\SUPERAntiSpyware

2010-09-06 18:36 . 2008-01-21 16:38 -------- d-----w- c:\documents and settings\famigliadd\Dati applicazioni\DMCache

2010-09-01 11:28 . 2009-04-17 06:46 -------- d-----w- c:\documents and settings\famigliadd\Dati applicazioni\Skype

2010-07-31 18:27 . 2010-07-04 13:33 -------- d-----w- c:\documents and settings\famigliadd\Dati applicazioni\vlc

2010-07-15 18:04 . 2009-02-12 20:46 -------- d-----w- c:\programmi\MegaLink

2010-07-03 16:15 . 2010-01-06 13:19 117760 ----a-w- c:\documents and settings\famigliadd\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-03 11:40 . 2010-07-03 11:40 501936 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Google\Google Toolbar\Update\gtb1B0.tmp.exe

2010-06-27 19:31 . 2010-06-27 19:31 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe

2010-06-27 19:31 . 2010-06-27 19:31 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe

2010-06-27 19:31 . 2010-06-27 19:31 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-06-27 19:31 . 2010-06-27 19:31 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe

2010-06-27 19:16 . 2010-06-27 19:32 36453152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ita.exe

2010-06-27 19:06 . 2010-06-27 19:06 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe

2010-06-27 19:06 . 2010-06-27 19:06 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe

2010-06-27 19:06 . 2010-06-27 19:06 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe

2010-06-27 19:06 . 2010-06-27 19:07 35638328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_2.5.2IT.exe

2010-06-27 18:54 . 2009-12-06 18:09 218544 ----a-w- c:\documents and settings\famigliadd\Dati applicazioni\IDM\idmmzcc3\components\idmmzcc.dll

2010-06-27 18:02 . 2008-03-17 21:08 4900 ----a-w- c:\windows\unins000.dat

2010-06-27 18:02 . 2008-03-17 21:08 691481 ----a-w- c:\windows\unins000.exe

2010-06-17 12:35 . 2010-06-25 11:16 1496064 ----a-w- c:\documents and settings\famigliadd\Dati applicazioni\Mozilla\Firefox\Profiles\fov8p9py.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-06-17 12:35 . 2010-06-25 11:16 43008 ----a-w- c:\documents and settings\famigliadd\Dati applicazioni\Mozilla\Firefox\Profiles\fov8p9py.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-06-17 12:35 . 2010-06-25 11:16 339456 ----a-w- c:\documents and settings\famigliadd\Dati applicazioni\Mozilla\Firefox\Profiles\fov8p9py.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-06-17 12:35 . 2010-06-25 11:16 346112 ----a-w- c:\documents and settings\famigliadd\Dati applicazioni\Mozilla\Firefox\Profiles\fov8p9py.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2008-08-22 12:37 . 2009-05-13 13:10 163840 ----a-w- c:\programmi\mozilla firefox\components\nsgkff30_meter2.dll

.



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"glasstoast"="c:\documents and settings\famigliadd\Documenti\Emanuele\altri programmi\glasstoast\glasstoast.exe" [2007-02-01 860160]

"Glonim"="c:\documents and settings\famigliadd\Documenti\Emanuele\altri programmi\Glonim\Glonim.exe" [2005-04-10 175104]

"Softany Monitor Control"="c:\programmi\Softany\Monitor Control\MonitorControl.exe" [2007-01-12 1252352]

"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-09-02 495616]

"LClock"="c:\programmi\LClock\LClock.exe" [2004-09-19 65536]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DrvIcon"="c:\programmi\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

"TrayFactory"="c:\programmi\PS Tray Factory\PSTrayFactory.exe" [2010-05-25 1304576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"nwiz"="nwiz.exe" [2006-06-01 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]



c:\documents and settings\famigliadd\Menu Avvio\Programmi\Esecuzione automatica\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2008-5-9 495616]

UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 159744]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2009-05-28 17:59 210168 ----a-w- c:\programmi\Stardock\Object Desktop\WindowBlinds\WbSrv.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"



[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2009-01-21 00:04 377248 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

2009-01-21 00:05 960560 ----a-w- c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-05-28 06:27 570664 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-06-01 15:22 7618560 ----a-w- c:\windows\system32\nvcpl.dll



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-06-01 15:22 86016 ----a-w- c:\windows\system32\nvmctray.dll



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-06-01 15:22 1519616 ----a-w- c:\windows\system32\nwiz.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 03:17 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayFactory]

2010-05-25 08:18 1304576 ----a-w- c:\programmi\PS Tray Factory\PSTrayFactory.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2009-01-20 23:59 4359600 ----a-w- c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\eMule\\emule.exe"=

"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Programmi\\Messenger\\msmsgs.exe"=

"c:\\Programmi\\File comuni\\InstallShield\\UpdateService\\agent.exe"=

"c:\\Programmi\\File comuni\\InstallShield\\UpdateService\\ISDM.exe"=

"c:\\Programmi\\File comuni\\InstallShield\\UpdateService\\issch.exe"=

"c:\\Documents and Settings\\famigliadd\\Documenti\\Emanuele\\altri programmi\\utorrent.exe"=

"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=

"c:\\Documents and Settings\\famigliadd\\Documenti\\Emanuele\\altri programmi\\JDownloader 0.6.193\\JDownloader 0.6.193\\JDownloader.exe"=

"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Programmi\\Skype\\Phone\\Skype.exe"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)



R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [06/09/2010 17.48.04 181120]

R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [06/09/2010 17.48.12 51072]

S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [13/05/2008 12.43.58 12872]

S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 17.26.56 67656]

S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [03/07/2010 13.39.41 136176]

S3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [19/08/2004 14.00.00 14336]

S3 EraserUtilDrv10720;EraserUtilDrv10720; [x]

S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\FileObjInfo.sys [?]

S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [06/09/2010 17.48.12 29184]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [06/09/2010 17.48.13 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [06/09/2010 17.48.13 8320]

S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [06/09/2010 17.48.13 135680]

S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [06/09/2010 17.48.13 8320]

S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [06/09/2010 17.48.13 12288]

S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [06/09/2010 17.48.13 12288]

S3 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe [09/01/2010 18.38.34 632792]

S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\sasenum.sys [13/05/2008 12.44.00 12872]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys --> c:\windows\system32\drivers\sis7012.sys [?]

S3 SSUSBDownload;SAMSUNG SYMBIAN USB Downloader Driver;c:\windows\system32\drivers\ssusbdownload.sys [06/09/2010 17.48.16 17920]

S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/09/2010 17.48.16 717296]

S4 Utilitą di pianificazione di LiveUpdate automatico;Utilitą di pianificazione di LiveUpdate automatico; [x]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Scarica con IDM - c:\programmi\Internet Download Manager\IEExt.htm

IE: Scarica con IDM contenuti video FLV - c:\programmi\Internet Download Manager\IEGetVL.htm

IE: Scarica tutti i link con IDM - c:\programmi\Internet Download Manager\IEGetAll.htm

TCP: {194ABE00-92CC-4619-AA65-B65C82638FDB} = 208.67.222.222,193.70.152.15

FF - ProfilePath - c:\documents and settings\famigliadd\Dati applicazioni\Mozilla\Firefox\Profiles\fov8p9py.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\famigliadd\Dati applicazioni\Mozilla\Firefox\Profiles\fov8p9py.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\famigliadd\Dati applicazioni\Mozilla\Firefox\Profiles\fov8p9py.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll

FF - component: c:\programmi\Mozilla Firefox\components\nsgkff30_meter2.dll

FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - CHIAVI ORFANE RIMOSSE - - - -



Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-Cmaudio - cmicnfg.cpl

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

MSConfigStartUp-Cmaudio - cmicnfg.cpl

AddRemove-LifeGlobe Goldfish Aquarium 2.0_is1 - c:\programmi\Prolific Publishing







**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-13 18:26

Windows 5.1.2600 Service Pack 2 NTFS



scansione processi nascosti ...



scansione entrate autostart nascoste ...



Scansione files nascosti ...



Scansione completata con successo

Files nascosti: 0



**************************************************************************



[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\5.tmp"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------



[HKEY_USERS\S-1-5-21-117609710-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"

"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"

"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"

"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"

"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"

"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"

"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"

"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"



[HKEY_USERS\S-1-5-21-117609710-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F65BA255-52C8-4A2A-E92E-ACD84DFD44AB}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oaippfncaeofaojgcnmjfjnhbpnepd"=hex:69,61,6a,6b,66,6d,69,6b,6a,67,66,68,6f,68,

67,65,6d,66,00,00

"nakcikfdfgocnljipnhmlielhhjg"=hex:69,61,6a,6b,66,6d,69,6b,6a,67,66,68,6f,68,

67,65,6d,66,00,00



[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58C074A5-2F61-1BA9-21D2-561442F3617D}\InProcServer32*]

"oaphfmlbgjobkacalmmiaplegohofi"=hex:69,61,69,6e,69,6c,6c,6b,65,67,6e,6f,6e,6d,

62,65,70,67,00,00

"naphhlnbpfihihmkgjhmkklbdblk"=hex:69,61,69,6e,69,6c,6c,6b,65,67,6e,6f,6e,6d,

62,65,70,67,00,00



[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):2e,b1,3d,57,b0,bc,56,dd,2a,11,17,03,31,96,b6,e8,af,5e,e7,6e,39,

88,16,22,91,5e,d3,77,6f,64,b8,a4,89,fa,a9,e5,30,84,c4,64,00,00,00,00,00,00,\



[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"



[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001



[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"



[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"



[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fd56d993-de46-4a0f-97b0-b5c436f27d44}]

@Denied: (Full) (Everyone)

"Model"=dword:00000036

"Therad"=dword:00000014

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\



[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"



[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"



[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"



[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ų•€|˙˙˙˙•€|ł•9~*]

"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------



- - - - - - - > 'winlogon.exe'(228)

c:\programmi\SUPERAntiSpyware\SASWINLO.dll

c:\programmi\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

.

Ora fine scansione: 2010-09-13 18:29:36

ComboFix-quarantined-files.txt 2010-09-13 16:29



Pre-Run: 9.741.160.448 byte disponibili

Post-Run: 9.989.529.600 byte disponibili



Current=5 Default=5 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7

- - End Of File - - B2C54CAF5EE5478ED76DB03FFBA52864





Edited by 3m4, 13 September 2010 - 11:35 AM.




