PC restarts instead of shutting down


  • This topic is locked
5 replies to this topic

#1 Fra87


Posted 11 October 2011 - 01:33 PM

When I click Turn Off on my computer, it restarts instead of shutting down. I think that there is a virus on my PC, so I ran a scan with ComboFix. The result is:

ComboFix 11-10-11.02 - Luc 11/10/2011 20:03:50.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4091.2844 [GMT 2:00]
Eseguito da: c:\users\Luc\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3FE47A32-C1BA-4880-813D-9400666FC867}.xps
c:\users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6757F728-65B0-4AE2-9C0E-E69127D80A04}.xps
c:\users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9BA61044-A86C-4FD6-859F-A1ED89893BB3}.xps
c:\users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BCFE1D3C-0DED-4608-810C-EE7E603D68E2}.xps
c:\users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC31E3CD-1D03-4048-ADE8-6671F893F207}.xps
c:\users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D145F383-127D-438E-9E8B-5ED8DAD99449}.xps
c:\users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DDE1ED8C-2125-467C-9696-952D13937BE3}.xps
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-11 al 2011-10-11 )))))))))))))))))))))))))))))))))))
.
.
2011-10-11 18:09 . 2011-10-11 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 12:03 . 2011-10-09 12:03 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2011-10-02 12:36 . 2011-10-02 12:36 -------- d-----w- c:\program files (x86)\Veetle
2011-09-30 10:50 . 2007-12-10 00:00 55808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ZIMFPRNT.DLL
2011-09-30 10:50 . 2011-09-30 10:50 -------- d-----w- c:\program files\HP
2011-09-30 10:50 . 2007-12-10 00:00 61952 ----a-w- c:\windows\system32\ZIMF.DLL
2011-09-30 10:50 . 2007-12-10 00:00 568832 ----a-w- c:\windows\system32\ZSHP1020.EXE
2011-09-30 10:50 . 2007-12-10 00:00 49664 ----a-w- c:\windows\system32\ZTAG.DLL
2011-09-30 10:50 . 2007-12-10 00:00 127488 ----a-w- c:\windows\system32\ZSPOOL.DLL
2011-09-30 10:50 . 2007-12-10 00:00 115200 ----a-w- c:\windows\system32\ZLhp1020.DLL
2011-09-29 17:43 . 2011-09-29 17:43 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-09-28 18:14 . 2011-09-28 18:14 -------- d-----w- c:\program files (x86)\Telecom Italia
2011-09-28 17:43 . 2011-09-28 17:43 -------- d-----w- c:\program files (x86)\VideoLAN
2011-09-28 17:43 . 2011-09-28 17:43 716318 ----a-w- c:\windows\unins000.exe
2011-09-28 17:42 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-09-28 17:42 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-09-28 17:42 . 2011-08-29 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-09-28 17:42 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-09-28 17:42 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-09-28 17:42 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-09-28 17:42 . 2011-09-28 17:42 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-09-28 17:39 . 2011-09-28 17:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-09-28 17:28 . 2011-09-28 17:37 -------- d-----w- c:\programdata\Nero
2011-09-28 17:27 . 2011-09-28 17:28 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-09-28 17:27 . 2011-09-28 17:37 -------- d-----w- c:\program files (x86)\Nero
2011-09-28 17:17 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-09-28 17:17 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-09-28 17:17 . 2011-09-28 17:17 -------- d-----w- c:\programdata\eMule
2011-09-28 17:16 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-09-28 17:16 . 2011-09-28 17:16 -------- d-----w- c:\program files (x86)\eMule
2011-09-28 17:16 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-09-28 17:15 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2011-09-28 17:06 . 2011-09-28 17:06 -------- d-----w- c:\program files (x86)\Acer
2011-09-28 17:06 . 2011-09-28 17:05 200704 ----a-w- c:\windows\PLFSetI.exe
2011-09-28 17:06 . 2008-09-09 17:02 106496 ----a-w- c:\windows\FixUVC.exe
2011-09-28 16:46 . 2011-09-28 16:46 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-09-28 16:46 . 2011-09-28 16:46 -------- d-----w- c:\program files\CheckPoint
2011-09-28 16:34 . 2011-09-28 16:34 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-09-28 16:34 . 2011-09-28 16:34 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-28 16:34 . 2011-09-28 16:34 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-09-28 16:34 . 2011-10-11 15:03 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-28 16:34 . 2011-09-28 16:36 -------- d-----w- c:\programdata\AVG2012
2011-09-28 16:33 . 2011-09-28 16:33 -------- d-----w- c:\program files (x86)\AVG
2011-09-28 16:30 . 2011-09-28 16:30 -------- d--h--w- c:\programdata\Common Files
2011-09-28 16:25 . 2011-10-11 15:03 -------- d-----w- c:\programdata\MFAData
2011-09-28 16:25 . 2011-09-28 16:25 650240 ----a-w- c:\windows\AutoKMS.exe
2011-09-28 16:24 . 2011-10-11 18:10 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-09-28 16:22 . 2011-09-28 16:24 -------- d--h--w- c:\program files (x86)\Temp
2011-09-28 16:22 . 2011-08-31 17:12 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-09-28 16:22 . 2011-09-28 18:14 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-09-28 16:19 . 2011-09-28 16:19 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-09-28 16:19 . 2011-10-09 11:53 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-09-28 16:19 . 2011-09-28 16:19 -------- d-----w- c:\windows\PCHEALTH
2011-09-28 16:19 . 2011-09-28 16:19 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-09-28 16:19 . 2011-09-28 16:19 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-28 16:17 . 2011-09-28 16:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-28 16:16 . 2011-09-28 16:16 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-09-28 16:16 . 2011-09-28 16:21 -------- d-----w- c:\programdata\Microsoft Help
2011-09-28 16:16 . 2011-09-28 16:16 -------- d-----r- C:\MSOCache
2011-09-28 15:55 . 2011-06-01 12:18 79360 ----a-w- c:\windows\system32\drivers\ax88772.sys
2011-09-28 15:55 . 2009-07-14 12:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-09-28 15:54 . 2011-09-28 15:54 -------- d-----w- c:\programdata\NVIDIA
2011-09-28 15:51 . 2009-07-28 05:56 539680 ----a-w- c:\windows\system32\nvuninst.exe
2011-09-28 15:00 . 2011-09-21 07:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FE81C99-F8F1-4687-B0E5-EE280A22BEA8}\mpengine.dll
2011-09-28 14:59 . 2011-09-28 14:59 -------- d-----w- c:\program files\Google
2011-09-28 14:59 . 2011-10-10 09:55 -------- d-sh--w- c:\windows\Installer
2011-09-28 14:59 . 2011-09-28 14:59 -------- d-----w- c:\program files (x86)\Google
2011-09-28 14:59 . 2011-09-28 17:00 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-28 14:59 . 2011-09-28 14:59 -------- d-----w- c:\windows\SysWow64\Macromed
2011-09-28 14:38 . 2011-07-16 05:41 243200 ----a-w- c:\windows\system32\wow64.dll
2011-09-28 14:31 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-28 14:07 . 2009-05-08 07:03 305152 ----a-w- c:\windows\system32\RaCoInstx.dll
2011-09-28 14:07 . 2011-09-28 14:07 -------- d-----w- c:\windows\Options
2011-09-28 14:07 . 2009-05-19 19:48 702976 ----a-w- c:\windows\system32\netr28x.sys
2011-09-28 14:05 . 2011-09-28 14:05 -------- d-----w- c:\programdata\Ralink
2011-09-28 14:01 . 2010-08-14 17:01 7347200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2011-09-28 14:00 . 2011-09-28 16:23 -------- d-----w- c:\program files (x86)\Realtek
2011-09-28 13:56 . 2011-09-28 13:56 -------- d-----w- c:\program files\Synaptics
2011-09-28 13:46 . 2011-09-28 12:56 -------- d-----w- c:\windows\Panther
2011-09-28 13:46 . 2011-09-28 13:46 -------- d-----w- C:\Boot
2011-09-28 13:39 . 2011-09-28 13:39 -------- d-----w- C:\Intel
2011-09-28 13:39 . 2009-06-04 16:54 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-09-28 13:38 . 2011-09-28 18:15 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-09-28 13:38 . 2011-09-28 13:43 -------- d-----w- c:\program files (x86)\Intel
2011-09-28 13:37 . 2010-08-14 16:02 272432 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-09-28 13:37 . 2010-08-14 16:02 203560 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-09-28 13:37 . 2010-08-14 16:02 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-09-28 13:37 . 2010-08-14 16:02 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2011-09-28 13:37 . 2010-08-14 16:02 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2011-09-28 13:37 . 2010-08-14 16:02 395048 ----a-w- c:\windows\system32\SynCOM.dll
2011-09-28 13:37 . 2010-08-14 16:02 260904 ----a-w- c:\windows\system32\SynCtrl.dll
2011-09-28 13:37 . 2010-08-14 16:02 169256 ----a-w- c:\windows\SysWow64\SynCOM.dll
2011-09-28 12:56 . 2011-09-28 12:57 -------- d-----w- c:\users\Luc
2011-09-14 17:05 . 2011-09-14 17:05 712 ----a-w- c:\windows\system32\RTSLCS.dll
2011-09-14 17:04 . 2011-09-14 17:04 70528 ----a-w- c:\windows\system32\drivers\volmgr.sys
2011-09-14 17:04 . 2011-09-14 17:04 63360 ----a-w- c:\windows\system32\drivers\termdd.sys
2011-09-14 17:04 . 2011-09-14 17:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-09-14 17:04 . 2011-09-14 17:04 185216 ----a-w- c:\windows\system32\drivers\pci.sys
2011-09-14 17:03 . 2011-09-14 17:03 5561712 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-14 17:03 . 2011-09-14 17:03 3967856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-09-14 17:03 . 2011-09-14 17:03 3912560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-09-14 17:02 . 2011-09-14 17:02 8704 ----a-w- c:\windows\SysWow64\nsi.dll
2011-09-14 17:02 . 2011-09-14 17:02 24576 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
2011-09-14 17:02 . 2011-09-14 17:02 16896 ----a-w- c:\windows\SysWow64\winnsi.dll
2011-09-14 17:01 . 2011-09-14 17:01 748032 ----a-w- c:\windows\system32\msdtcprx.dll
2011-09-14 17:01 . 2011-09-14 17:01 59392 ----a-w- c:\windows\system32\xolehlp.dll
2011-09-14 17:01 . 2011-09-14 17:01 375808 ----a-w- c:\windows\system32\mtxclu.dll
2011-09-14 17:01 . 2011-09-14 17:01 1511936 ----a-w- c:\windows\system32\msdtctm.dll
2011-09-14 17:01 . 2011-09-14 17:01 580608 ----a-w- c:\windows\SysWow64\msdtcprx.dll
2011-09-14 17:01 . 2011-09-14 17:01 48128 ----a-w- c:\windows\SysWow64\xolehlp.dll
2011-09-14 17:01 . 2011-09-14 17:01 323584 ----a-w- c:\windows\SysWow64\mtxclu.dll
2011-09-14 17:01 . 2011-09-14 17:01 3718144 ----a-w- c:\windows\system32\mstscax.dll
2011-09-14 17:01 . 2011-09-14 17:01 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-09-14 17:01 . 2011-09-14 17:01 249344 ----a-w- c:\windows\system32\wksprt.exe
2011-09-14 17:01 . 2011-09-14 17:01 1119744 ----a-w- c:\windows\system32\mstsc.exe
2011-09-14 17:01 . 2011-09-14 17:01 1051648 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-09-14 17:00 . 2011-09-14 17:00 29184 ----a-w- c:\windows\system32\version.dll
2011-09-14 17:00 . 2011-09-14 17:00 21504 ----a-w- c:\windows\SysWow64\version.dll
2011-09-14 17:00 . 2011-09-14 17:00 469504 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-09-14 17:00 . 2011-09-14 17:00 285184 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-09-14 16:59 . 2011-09-14 16:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-09-14 16:59 . 2011-09-14 16:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-14 16:59 . 2011-09-14 16:59 503296 ----a-w- c:\windows\system32\srcore.dll
2011-09-14 16:59 . 2011-09-14 16:59 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2011-09-14 16:58 . 2011-09-14 16:58 328192 ----a-w- c:\windows\system32\drivers\udfs.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 04:08 . 2011-08-08 04:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-20 15:27 . 2011-07-20 15:27 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-20 15:26 . 2011-07-20 15:26 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-07-20 15:26 . 2011-07-20 15:26 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-07-20 15:26 . 2011-07-20 15:26 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-20 15:26 . 2011-07-20 15:26 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-07-20 15:26 . 2011-07-20 15:26 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-07-20 15:26 . 2011-07-20 15:26 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-07-20 15:26 . 2011-07-20 15:26 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-07-20 15:26 . 2011-07-20 15:26 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-07-20 15:26 . 2011-07-20 15:26 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-07-20 15:26 . 2011-07-20 15:26 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-07-20 15:26 . 2011-07-20 15:26 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-07-20 15:26 . 2011-07-20 15:26 491520 ----a-w- c:\windows\system32\mssph.dll
2011-07-20 15:26 . 2011-07-20 15:26 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-07-20 15:26 . 2011-07-20 15:26 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-07-20 15:26 . 2011-07-20 15:26 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-07-20 15:26 . 2011-07-20 15:26 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-07-20 15:26 . 2011-07-20 15:26 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-07-20 15:26 . 2011-07-20 15:26 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-07-20 15:26 . 2011-07-20 15:26 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-07-20 15:26 . 2011-07-20 15:26 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-07-20 15:26 . 2011-07-20 15:26 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-07-20 15:26 . 2011-07-20 15:26 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-07-20 15:26 . 2011-07-20 15:26 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-07-20 15:25 . 2011-07-20 15:25 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-20 15:25 . 2011-07-20 15:25 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-07-20 15:25 . 2011-07-20 15:25 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-20 15:24 . 2011-07-20 15:24 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-20 15:24 . 2011-07-20 15:24 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-20 15:24 . 2011-07-20 15:24 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-20 15:22 . 2011-07-20 15:22 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-20 15:21 . 2011-07-20 15:21 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-20 15:21 . 2011-07-20 15:21 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-07-20 15:21 . 2011-07-20 15:21 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-20 15:21 . 2011-07-20 15:21 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-07-16 04:26 . 2011-09-28 14:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-28 16:34 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-28 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"OfficeAutoActivation"="c:\program files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Startup.exe" [2010-12-25 90112]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-09-28 218440]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netw5v64;Driver scheda Intel® Wireless WiFi Link serie 5000 per Windows Vista a 64 bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-28 246600]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 NETw5s64;Driver scheda Intel® Wireless WiFi Link per Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-10-11 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-09-28 16:25]
.
2011-10-11 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-09-28 16:25]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 14:59]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 14:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"PLFSetI"="c:\windows\PLFSetI.exe" [2011-09-28 200704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\zzn6u74b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Ora fine scansione: 2011-10-11 20:14:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-10-11 18:14
.
Pre-Run: 191.379.349.504 byte disponibili
Post-Run: 192.643.641.344 byte disponibili
.
- - End Of File - - A7B56C852CE87CBB6044FB10F4DFDC7E


The problem persists. What do I do?

Edited by hamluis, 11 October 2011 - 03:51 PM.
Moved from Am I Infected to Malware Removal Logs.



 


#2 etavares


Posted 16 October 2011 - 05:38 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double-click the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Fra87

  • Topic Starter

  • Members

Posted 16 October 2011 - 01:04 PM

OTL logfile created on: 16/10/2011 19:58:27 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Luc\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 66,97% Memory free
7,99 Gb Paging File | 6,60 Gb Available in Paging File | 82,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,12 Gb Total Space | 179,27 Gb Free Space | 80,35% Space Free | Partition Type: NTFS

Computer Name: LUC-PC | User Name: Luc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 19:57:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Luc\Desktop\OTL.exe
PRC - [2011/10/02 14:17:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/28 19:05:34 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2011/09/28 18:34:47 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/28 18:34:47 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/02/22 16:17:50 | 001,226,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 14:17:12 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 19:05:34 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2011/09/28 19:00:33 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/28 18:34:47 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/28 18:34:47 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/06/01 14:18:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/14 18:02:23 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/09/15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Driver scheda Intel®
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Driver scheda Intel®
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 12 09 43 EB 7D CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.it"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/06 12:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/02 14:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/28 17:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luc\AppData\Roaming\mozilla\Extensions
[2011/09/30 13:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luc\AppData\Roaming\mozilla\Firefox\Profiles\zzn6u74b.default\extensions
[2011/09/28 18:34:51 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Luc\AppData\Roaming\mozilla\Firefox\Profiles\zzn6u74b.default\extensions\avg@toolbar
[2011/09/30 13:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luc\AppData\Roaming\mozilla\Firefox\Profiles\zzn6u74b.default\extensions\TRASH
[2011/09/27 14:10:50 | 000,000,939 | ---- | M] () -- C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\zzn6u74b.default\searchplugins\conduit.xml
[2011/09/28 17:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/10/06 12:31:03 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/10/02 14:17:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/23 04:07:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/23 04:41:19 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml
[2011/09/23 04:41:19 | 000,000,825 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml
[2011/09/23 04:41:19 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/09/23 04:41:19 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2011/09/28 16:27:42 | 000,001,751 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.nero.com
O1 - Hosts: 127.0.0.1 www.nero.com/rus/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/support.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/support-customer-service-product-registration.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-upgrade-center.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-volume-licensing.html
O1 - Hosts: 127.0.0.1 www.nero.com/eng/support.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/store-upgrade-center.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/support-customer-service-product-registration.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/eng/store-upgrade-center.html&sa=X&oi=smap&resnum=1&ct=result&cd=6&usg=AFQjCNFRzc_q0umeKlIj7pPYNNBYCFbXkg
O1 - Hosts: 127.0.0.1 www.nero.com/enu/support-nero8.html
O1 - Hosts: 127.0.0.1 my.nero.com
O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp
O1 - Hosts: 127.0.0.1 activation@nero.com
O1 - Hosts: 127.0.0.1 registernero.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OfficeAutoActivation] C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Startup.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A0CDF0-1504-49D3-B246-F329E63027B3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{771AE197-CE95-46C9-BB99-475F23229E1E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c6a5eae9-e9d9-11e0-bac4-f7d563f4024c}\Shell - "" = AutoRun
O33 - MountPoints2\{c6a5eae9-e9d9-11e0-bac4-f7d563f4024c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 19:57:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Luc\Desktop\OTL.exe
[2011/10/13 14:57:03 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 14:57:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 14:57:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 14:57:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 14:57:01 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/13 14:57:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 14:57:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 14:57:00 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/13 14:57:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/13 14:44:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 14:44:15 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 14:44:15 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 14:44:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 14:43:53 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/13 14:43:53 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/11 20:02:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/11 20:02:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/11 20:02:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 14:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2011/10/03 16:33:33 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\Diagnostics
[2011/10/02 14:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2011/10/02 14:35:49 | 004,603,800 | ---- | C] (Veetle Inc) -- C:\Users\Luc\Desktop\veetle-0.9.18.exe
[2011/09/30 12:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/09/30 12:50:07 | 000,127,488 | ---- | C] (Zenographics, Inc.) -- C:\Windows\SysNative\ZSPOOL.DLL
[2011/09/30 12:50:07 | 000,115,200 | ---- | C] (Zenographics, Inc.) -- C:\Windows\SysNative\ZLhp1020.DLL
[2011/09/30 12:50:07 | 000,061,952 | ---- | C] (Zenographics, Inc.) -- C:\Windows\SysNative\ZIMF.DLL
[2011/09/30 12:50:07 | 000,049,664 | ---- | C] (Zenographics, Inc.) -- C:\Windows\SysNative\ZTAG.DLL
[2011/09/29 19:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/09/28 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telecom Italia
[2011/09/28 19:44:11 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\vlc
[2011/09/28 19:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/28 19:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/09/28 19:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/09/28 19:42:19 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\mp3fhg.acm
[2011/09/28 19:42:18 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011/09/28 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011/09/28 19:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/09/28 19:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/09/28 19:39:01 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\Nero
[2011/09/28 19:38:41 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\Adobe
[2011/09/28 19:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/09/28 19:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/09/28 19:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011/09/28 19:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/09/28 19:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011/09/28 19:17:53 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/09/28 19:17:22 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/09/28 19:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2011/09/28 19:16:49 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/09/28 19:16:49 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\eMule
[2011/09/28 19:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
[2011/09/28 19:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2011/09/28 19:16:23 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/09/28 19:15:54 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/09/28 19:15:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/09/28 19:09:43 | 000,000,000 | ---D | C] -- C:\Users\Luc\Documents\File di Outlook
[2011/09/28 19:07:24 | 000,000,000 | ---D | C] -- C:\Users\Luc\Desktop\Home
[2011/09/28 19:06:24 | 000,000,000 | ---D | C] -- C:\Users\Luc\Desktop\Fotocamera & Videocamera
[2011/09/28 19:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[2011/09/28 19:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2011/09/28 18:47:18 | 000,000,000 | ---D | C] -- C:\Users\Luc\Documents\ForceField Shared Files
[2011/09/28 18:47:17 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\CheckPoint
[2011/09/28 18:46:48 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\Conduit
[2011/09/28 18:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/09/28 18:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/09/28 18:46:08 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2011/09/28 18:45:55 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2011/09/28 18:45:55 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2011/09/28 18:45:53 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2011/09/28 18:45:51 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2011/09/28 18:45:51 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2011/09/28 18:45:50 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2011/09/28 18:45:50 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2011/09/28 18:45:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/09/28 18:45:49 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2011/09/28 18:45:47 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2011/09/28 18:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/09/28 18:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/09/28 18:45:05 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2011/09/28 18:45:05 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2011/09/28 18:45:05 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/09/28 18:35:45 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\AVG2012
[2011/09/28 18:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/28 18:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/09/28 18:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/09/28 18:34:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/09/28 18:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/28 18:34:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/09/28 18:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/09/28 18:30:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/09/28 18:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/28 18:23:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/09/28 18:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/09/28 18:23:07 | 003,201,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011/09/28 18:23:07 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/09/28 18:23:07 | 002,518,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011/09/28 18:23:07 | 001,881,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011/09/28 18:23:07 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011/09/28 18:23:07 | 001,501,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2011/09/28 18:23:07 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2011/09/28 18:23:07 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011/09/28 18:23:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/09/28 18:23:07 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/09/28 18:23:07 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011/09/28 18:23:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/09/28 18:23:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/09/28 18:23:07 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2011/09/28 18:23:07 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/09/28 18:23:07 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/09/28 18:23:07 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/09/28 18:23:07 | 000,177,088 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2011/09/28 18:23:07 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/09/28 18:23:07 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011/09/28 18:23:07 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2011/09/28 18:23:07 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2011/09/28 18:23:07 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/09/28 18:23:07 | 000,097,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011/09/28 18:23:07 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2011/09/28 18:23:07 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/09/28 18:23:07 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2011/09/28 18:23:07 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011/09/28 18:23:07 | 000,065,432 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2011/09/28 18:23:06 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011/09/28 18:23:06 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011/09/28 18:23:06 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/09/28 18:23:06 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/09/28 18:23:06 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/09/28 18:23:06 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/09/28 18:23:06 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/09/28 18:23:06 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/09/28 18:23:06 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/09/28 18:23:06 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/09/28 18:23:06 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2011/09/28 18:23:06 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2011/09/28 18:23:06 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2011/09/28 18:23:06 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/09/28 18:23:06 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2011/09/28 18:23:06 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/09/28 18:23:06 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/09/28 18:23:06 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011/09/28 18:23:06 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011/09/28 18:23:06 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011/09/28 18:23:06 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/09/28 18:23:06 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/09/28 18:23:06 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/09/28 18:23:06 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/09/28 18:23:06 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011/09/28 18:23:06 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011/09/28 18:23:06 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011/09/28 18:23:05 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011/09/28 18:23:05 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011/09/28 18:22:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011/09/28 18:22:58 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/09/28 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/09/28 18:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/09/28 18:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/09/28 18:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/09/28 18:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/09/28 18:19:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/09/28 18:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/09/28 18:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/09/28 18:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/28 18:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/09/28 18:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/09/28 18:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/09/28 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\Microsoft Help
[2011/09/28 18:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/09/28 18:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/09/28 18:16:21 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/09/28 17:55:59 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2011/09/28 17:55:59 | 000,079,360 | ---- | C] (ASIX Electronics Corp.) -- C:\Windows\SysNative\drivers\ax88772.sys
[2011/09/28 17:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/09/28 17:51:27 | 000,539,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2011/09/28 17:50:32 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/09/28 17:50:32 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/09/28 17:50:32 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/09/28 17:50:32 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/09/28 17:50:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/09/28 17:50:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/09/28 17:50:32 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/09/28 17:50:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/09/28 17:50:28 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/09/28 17:02:56 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\Mozilla
[2011/09/28 17:02:56 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\Mozilla
[2011/09/28 17:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/28 16:59:57 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\Google
[2011/09/28 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\Macromedia
[2011/09/28 16:59:38 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\Adobe
[2011/09/28 16:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/09/28 16:59:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/09/28 16:59:15 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\Google
[2011/09/28 16:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/09/28 16:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/28 16:59:11 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/28 16:59:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/09/28 16:38:26 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/09/28 16:38:26 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/09/28 16:38:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/09/28 16:38:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/09/28 16:38:26 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/09/28 16:38:25 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/09/28 16:38:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/09/28 16:38:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/09/28 16:38:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/09/28 16:38:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/09/28 16:38:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/09/28 16:38:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/09/28 16:38:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/09/28 16:38:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/09/28 16:38:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/09/28 16:38:25 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/09/28 16:38:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/09/28 16:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/09/28 16:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/09/28 16:38:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/09/28 16:38:20 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/09/28 16:38:20 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/09/28 16:38:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/09/28 16:38:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/09/28 16:38:20 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/09/28 16:38:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/09/28 16:38:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/09/28 16:38:20 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/09/28 16:38:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/09/28 16:38:18 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/09/28 16:38:17 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/09/28 16:35:31 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\ElevatedDiagnostics
[2011/09/28 16:07:11 | 000,305,152 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/09/28 16:07:10 | 000,702,976 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\netr28x.sys
[2011/09/28 16:07:10 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/09/28 16:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/09/28 16:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2011/09/28 16:01:21 | 007,347,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSUSTORicon.dll
[2011/09/28 16:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/09/28 15:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/09/28 15:51:42 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\WinRAR
[2011/09/28 15:51:42 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/28 15:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/28 15:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/28 15:46:33 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/09/28 15:46:18 | 000,000,000 | ---D | C] -- C:\Boot
[2011/09/28 15:43:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011/09/28 15:39:40 | 000,000,000 | ---D | C] -- C:\Intel
[2011/09/28 15:39:17 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/09/28 15:38:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/09/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/09/28 15:38:06 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\InstallShield
[2011/09/28 15:37:12 | 000,272,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/09/28 15:37:12 | 000,203,560 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/09/28 15:37:12 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2011/09/28 15:37:12 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/09/28 15:37:10 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/09/28 15:37:08 | 000,395,048 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011/09/28 15:37:08 | 000,260,904 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/09/28 15:37:08 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011/09/28 14:58:08 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\Identities
[2011/09/28 14:57:55 | 000,000,000 | R--D | C] -- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/28 14:57:55 | 000,000,000 | R--D | C] -- C:\Users\Luc\Searches
[2011/09/28 14:57:55 | 000,000,000 | R--D | C] -- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/28 14:56:43 | 000,000,000 | R--D | C] -- C:\Users\Luc\Contacts
[2011/09/28 14:56:41 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\VirtualStore
[2011/09/28 14:56:28 | 000,000,000 | --SD | C] -- C:\Users\Luc\AppData\Roaming\Microsoft
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Videos
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Saved Games
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Pictures
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Music
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Links
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Favorites
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Downloads
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Documents
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\Desktop
[2011/09/28 14:56:28 | 000,000,000 | R--D | C] -- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Documents\Video
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\AppData\Local\Temporary Internet Files
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\SendTo
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Risorse di stampa
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Risorse di rete
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Recenti
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Documents\Musica
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Modelli
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Menu Avvio
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Impostazioni locali
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Documents\Immagini
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Documenti
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Dati applicazioni
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\AppData\Local\Dati applicazioni
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\AppData\Local\Cronologia
[2011/09/28 14:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Luc\Cookies
[2011/09/28 14:56:28 | 000,000,000 | -H-D | C] -- C:\Users\Luc\AppData
[2011/09/28 14:56:28 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\Temp
[2011/09/28 14:56:28 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Local\Microsoft
[2011/09/28 14:56:28 | 000,000,000 | ---D | C] -- C:\Users\Luc\AppData\Roaming\Media Center Programs
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Video
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\Programmi
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Preferiti
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Musica
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelli
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Avvio
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Immagini
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\Program Files\File comuni
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documenti
[2011/09/28 14:55:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dati applicazioni
[2011/09/28 14:55:45 | 000,000,000 | ---D | C] -- C:\Recovery
[2011/09/28 14:50:32 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/09/28 14:47:42 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/09/28 14:47:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 19:57:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Luc\Desktop\OTL.exe
[2011/10/16 19:16:37 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 19:16:37 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 19:13:01 | 106,697,520 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/16 19:11:03 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/16 19:09:55 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/10/16 19:09:54 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2011/10/16 19:09:47 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2011/10/16 19:09:27 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/16 19:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/16 19:08:51 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/14 19:36:22 | 001,562,672 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/14 19:36:22 | 000,698,570 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2011/10/14 19:36:22 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/14 19:36:22 | 000,127,764 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2011/10/14 19:36:22 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/13 15:04:12 | 000,415,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/09 14:04:37 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/09 14:03:03 | 004,887,992 | ---- | M] () -- C:\Users\Luc\Desktop\lj1020_1022-HB-pnp-win64-it.exe
[2011/10/09 14:02:59 | 005,805,440 | ---- | M] () -- C:\Users\Luc\Desktop\lj1020_1022-HB-pd-win64-it.exe
[2011/10/09 13:59:57 | 015,810,515 | ---- | M] () -- C:\Users\Luc\Desktop\Algoritmi E Strutture Di Dati - UTET.pdf
[2011/10/09 13:41:26 | 001,553,896 | ---- | M] () -- C:\Users\Luc\Desktop\HPPDU.exe
[2011/10/06 12:31:03 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/04 18:08:23 | 000,025,070 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/02 14:35:56 | 004,603,800 | ---- | M] (Veetle Inc) -- C:\Users\Luc\Desktop\veetle-0.9.18.exe
[2011/09/28 20:12:51 | 000,002,959 | ---- | M] () -- C:\Users\Luc\Desktop\Nero Express.lnk
[2011/09/28 19:44:04 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/09/28 19:43:25 | 000,000,762 | ---- | M] () -- C:\Windows\unins000.dat
[2011/09/28 19:43:18 | 000,716,318 | ---- | M] () -- C:\Windows\unins000.exe
[2011/09/28 19:33:28 | 000,002,977 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2011/09/28 19:32:26 | 000,002,925 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2011/09/28 19:31:20 | 000,002,855 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2011/09/28 19:29:32 | 000,003,021 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2011/09/28 19:28:52 | 000,002,967 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2011/09/28 19:16:52 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2011/09/28 19:05:34 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
[2011/09/28 19:05:34 | 000,000,074 | ---- | M] () -- C:\Windows\PidList.ini
[2011/09/28 19:00:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/28 18:47:29 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/09/28 18:46:09 | 000,001,070 | ---- | M] () -- C:\Users\Luc\Desktop\ZoneAlarm Security.lnk
[2011/09/28 18:34:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/28 18:34:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/09/28 18:25:10 | 000,650,240 | ---- | M] () -- C:\Windows\AutoKMS.exe
[2011/09/28 18:25:10 | 000,000,182 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2011/09/28 17:56:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ax88772_01009.Wdf
[2011/09/28 17:02:37 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/28 16:27:42 | 000,001,751 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/28 16:24:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/09/28 15:56:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/09/28 15:46:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/09/28 14:56:17 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/09/28 14:56:16 | 000,291,290 | RHS- | M] () -- C:\KWUVD
[2011/09/28 14:52:06 | 000,191,126 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/09/28 14:52:06 | 000,191,126 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/16 19:13:01 | 106,697,520 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/09 14:02:47 | 004,887,992 | ---- | C] () -- C:\Users\Luc\Desktop\lj1020_1022-HB-pnp-win64-it.exe
[2011/10/09 14:02:27 | 005,805,440 | ---- | C] () -- C:\Users\Luc\Desktop\lj1020_1022-HB-pd-win64-it.exe
[2011/10/09 13:59:27 | 082,285,907 | ---- | C] () -- C:\Users\Luc\Desktop\Cormen - Introduzione Agli Algoritmi (2nd ed).pdf
[2011/10/09 13:58:59 | 015,810,515 | ---- | C] () -- C:\Users\Luc\Desktop\Algoritmi E Strutture Di Dati - UTET.pdf
[2011/10/09 13:41:23 | 001,553,896 | ---- | C] () -- C:\Users\Luc\Desktop\HPPDU.exe
[2011/10/04 18:08:22 | 000,025,070 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/30 12:50:07 | 000,568,832 | ---- | C] () -- C:\Windows\SysNative\ZSHP1020.EXE
[2011/09/30 12:50:06 | 000,574,100 | ---- | C] () -- C:\Windows\SysNative\hp1022n.img
[2011/09/30 12:50:06 | 000,206,768 | ---- | C] () -- C:\Windows\SysNative\hp1022.img
[2011/09/30 12:50:06 | 000,128,380 | ---- | C] () -- C:\Windows\SysNative\hp1020.img
[2011/09/30 12:50:06 | 000,010,710 | ---- | C] () -- C:\Windows\SysNative\ZSHP1020.CHM
[2011/09/28 20:12:51 | 000,002,959 | ---- | C] () -- C:\Users\Luc\Desktop\Nero Express.lnk
[2011/09/28 19:44:04 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/09/28 19:43:22 | 000,716,318 | ---- | C] () -- C:\Windows\unins000.exe
[2011/09/28 19:43:22 | 000,000,762 | ---- | C] () -- C:\Windows\unins000.dat
[2011/09/28 19:42:20 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/09/28 19:42:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/09/28 19:42:18 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/09/28 19:42:18 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/28 19:42:18 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/28 19:39:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/28 19:39:45 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/28 19:33:28 | 000,002,977 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2011/09/28 19:32:26 | 000,002,925 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2011/09/28 19:31:20 | 000,002,855 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2011/09/28 19:29:32 | 000,003,021 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2011/09/28 19:28:52 | 000,002,967 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2011/09/28 19:16:52 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2011/09/28 19:06:06 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/09/28 19:06:06 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011/09/28 19:06:06 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2011/09/28 18:46:09 | 000,001,070 | ---- | C] () -- C:\Users\Luc\Desktop\ZoneAlarm Security.lnk
[2011/09/28 18:45:50 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/09/28 18:34:52 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/28 18:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/28 18:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/09/28 18:25:10 | 000,650,240 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2011/09/28 18:25:10 | 000,000,202 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job
[2011/09/28 18:25:10 | 000,000,196 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2011/09/28 18:25:10 | 000,000,182 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/09/28 18:24:52 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/09/28 17:56:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ax88772_01009.Wdf
[2011/09/28 17:02:37 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/28 17:02:37 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/28 16:59:21 | 000,001,144 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/28 16:59:19 | 000,001,140 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/28 16:24:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/09/28 16:07:10 | 000,339,274 | ---- | C] () -- C:\Windows\SysNative\netr28x.inf
[2011/09/28 16:07:10 | 000,021,009 | ---- | C] () -- C:\Windows\SysNative\netr28x.cat
[2011/09/28 16:07:10 | 000,013,931 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/09/28 15:56:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/09/28 15:46:20 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/09/28 15:46:18 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/09/28 14:58:15 | 000,001,393 | ---- | C] () -- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/09/28 14:58:02 | 000,001,427 | ---- | C] () -- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/28 14:56:17 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2011/09/28 14:56:16 | 000,291,290 | RHS- | C] () -- C:\KWUVD
[2011/09/28 14:51:39 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/09/28 14:51:30 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/09/28 14:47:17 | 3217,231,872 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:54 PM

Posted 17 October 2011 - 06:01 AM

Hello, Fra87.


Step 1

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No as it may crash your system or hang up and we don't need that info.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3


Click Start --> run and type shutdown /s and press Enter. Note the space between shutdown and the slash.

Did your computer properly shut down with that command?

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 etavares


Posted 21 October 2011 - 05:31 AM

Still with me?




#6 etavares


Posted 26 October 2011 - 05:19 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

