google keeps redirecting (it's ok in safe mode only)


  • This topic is locked
14 replies to this topic

#1 Enzo d


Posted 17 May 2012 - 02:35 AM

Windows XP Pro SP3 ITA 32bit

When I click on a Google link, every browser is redirected to a URL like: http://74.117.182.77/click.php?...

In safe mode no problem.

ESET Online Scanner, MBAM, SuperAntiSpyware and Spybot can't see the virus.

DDS and GMER logs follow (the DDS attach log is in the attachment).

DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by annalisa at 10:17:07 on 2012-05-16
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.255.32 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\TeamViewer\Version7\TeamViewer.exe
C:\Programmi\TeamViewer\Version7\tv_w32.exe
c:\programmi\teamviewer\version7\TeamViewer_Desktop.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programmi\spybot - search & destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmi\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\programmi\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\programmi\wot\WOT.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVIDIA nForce APU1 Utilities] NVATray.exe
mRun: [diagnostics] "C:\Programmi/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:it
mRun: [SDTray] "c:\programmi\spybot - search & destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "c:\programmi\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\autoco~1.lnk - c:\programmi\thomson speedtouch\st330\service\autoconnect.bat
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programmi\spybot - search & destroy 2\SDHelper.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282093470781
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{A47AB5F1-5529-44D8-988C-77BF1BCFC649} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\programmi\wot\WOT.dll
Notify: !SASWinLogon - c:\programmi\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmi\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\programmi\superantispyware\SASCore.exe [2011-8-12 116608]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]
S1 SASDIFSV;SASDIFSV;c:\programmi\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\programmi\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-8-19 20328]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [2010-9-26 56088]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programmi\spybot - search & destroy 2\SDFSSvc.exe [2012-5-14 1181104]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programmi\spybot - search & destroy 2\SDUpdSvc.exe [2012-5-14 1185704]
S3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2010-8-28 36256]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~2\msi\msiwdev\DVDSYS32_100507.sys [2010-5-10 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~2\msi\msiwdev\msibios32_100507.sys [2010-5-10 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~2\msi\msiwdev\VGASYS32_100507.sys [2010-5-10 16696]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2010-8-29 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2010-8-29 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2010-8-29 32000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-20 14336]
.
=============== Created Last 30 ================
.
2012-05-15 21:47:55 -------- d-sha-r- C:\cmdcons
2012-05-15 20:13:26 98816 ----a-w- c:\windows\sed.exe
2012-05-15 20:13:26 518144 ----a-w- c:\windows\SWREG.exe
2012-05-15 20:13:26 256000 ----a-w- c:\windows\PEV.exe
2012-05-15 20:13:26 208896 ----a-w- c:\windows\MBR.exe
2012-05-15 19:24:41 -------- d-----w- c:\programmi\Metapad
2012-05-15 07:20:13 -------- d-----w- c:\programmi\Oracle
2012-05-15 07:18:19 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-15 07:18:18 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 07:18:15 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-14 23:28:38 -------- d-----w- c:\programmi\ESET
2012-05-14 21:47:19 -------- d-----w- c:\documents and settings\annalisa\dati applicazioni\SUPERAntiSpyware.com
2012-05-14 21:45:27 -------- d-----w- c:\programmi\SUPERAntiSpyware
2012-05-14 21:45:27 -------- d-----w- c:\documents and settings\all users\dati applicazioni\SUPERAntiSpyware.com
2012-05-14 21:41:23 -------- d-----w- C:\ProcAlyzer Dumps
2012-05-14 20:25:19 -------- d-----w- c:\documents and settings\annalisa\dati applicazioni\Malwarebytes
2012-05-14 20:24:59 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes
2012-05-14 20:24:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 20:24:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-05-14 20:23:56 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Spybot - Search & Destroy
2012-05-14 20:22:58 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-05-14 20:22:43 -------- d-----w- c:\programmi\Spybot - Search & Destroy 2
2012-05-14 14:44:33 -------- d-----w- c:\documents and settings\annalisa\dati applicazioni\fifa
2012-05-14 08:16:02 151552 --sha-r- c:\windows\system32\nvsvc32E.dll
2012-05-10 07:02:55 -------- d-----w- c:\documents and settings\annalisa\.phet
2012-04-17 15:57:32 -------- d-----w- c:\documents and settings\annalisa\impostazioni locali\dati applicazioni\Help
.
==================== Find3M ====================
.
2012-04-11 13:51:38 2072832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51:36 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51:35 2196352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 11:00:04 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:22 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 10.18.53,07 ===============


GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-17 09:27:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340810A rev.5.46
Running: gmer.exe; Driver: C:\DOCUME~1\ANNALI~1\IMPOST~1\Temp\pxtorkog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF92D0360, 0x24BB1D, 0xE8000020]
? C:\DOCUME~1\ANNALI~1\IMPOST~1\Temp\mbr.sys Impossibile trovare il file specificato. !

---- Services - GMER 1.0.15 ----

Service C:\Programmi\Thomson (*** hidden *** ) [AUTO] st330service <-- ROOTKIT !!!

---- Files - GMER 1.0.15 ----

File C:\Programmi\DevotoOli\stili\rg\img\avanzata\print.gif 190 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\print_over.gif 190 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\save.gif 200 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\save_over.gif 200 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\stamp.gif 74 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\stamp_over.gif 74 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\story.gif 96 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\story_over.gif 95 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\titolo.gif 524 bytes
File C:\Programmi\DevotoOli\stili\rg\img\avanzata\topDx.jpg 2821 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso 0 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\appar.gif 186 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\appar_ov.gif 187 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\aster.gif 95 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\audio.gif 151 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\audio_over.gif 979 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\clear.gif 43 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\clearPron.gif 54 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\clearStampa.gif 70 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\devoto.gif 1124 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\devoto_over.gif 1002 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\DOWN.gif 46 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\FRECCIA.gif 615 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\freccia_ov.gif 263 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\FRECCIA_over.gif 613 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\new.gif 155 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\new_ov.gif 148 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\pallino.gif 59 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\pref.gif 149 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\pref_ov.gif 149 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\print.gif 151 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\print_ov.gif 151 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\sf_attiv.gif 45 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\sf_cerca.gif 54 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\sf_fless.gif 61 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\sf_lemmi.gif 71 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\sf_top.jpg 2623 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\tratto.gif 191 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\trattoOld.gif 127 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\vuoto.gif 77 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\_notes 0 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\_notes\appar.gif.mno 265 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\_notes\appar_over.gif.mno 265 bytes
File C:\Programmi\DevotoOli\stili\rg\img\esteso\_notes\aster.gif.mno 252 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte 0 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\appar.gif 154 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\appar_over.gif 154 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\audio.gif 151 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\audio_over.gif 979 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\clearStampa.gif 43 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\Copia di menu-rig.gif 769 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\down.gif 46 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\menu-rig.gif 62 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\menu.gif 422 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\menu_down.gif 418 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\menu_over.gif 320 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\menu_overdown.gif 425 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\new.gif 68 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\new_over.gif 68 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\pers.gif 63 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\pers_over.gif 63 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\print.gif 68 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\print_over.gif 68 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\quadr.gif 51 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\sf_attiv.gif 45 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\Thumbs.db 24064 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\top_comp.jpg 2431 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\top_vert.jpg 4701 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\top_vertApparati.jpg 3470 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\tratto.gif 151 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\_notes 0 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\_notes\menu.gif.mno 266 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\_notes\menu_down.gif.mno 266 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\_notes\menu_over.gif.mno 266 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\_notes\menu_overdown.gif.mno 266 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\_notes\slice.gif.mno 265 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\_notes\slice_over.gif.mno 265 bytes
File C:\Programmi\DevotoOli\stili\rg\img\ridotte\_notes\top_vert.jpg.mno 264 bytes
File C:\Programmi\DevotoOli\stili\rg\img\Thumbs.db 23040 bytes
File C:\Programmi\DevotoOli\stili\rg\ricerca.css 8652 bytes
File C:\Programmi\DevotoOli\stili\rg\vers_colore_esteso.css 7262 bytes
File C:\Programmi\DevotoOli\stili\rg\vers_colore_minimo.css 7545 bytes
File C:\Programmi\DevotoOli\stili\rg\vers_colore_verticale.css 8453 bytes
File C:\Programmi\DevotoOli\stili\vg\img 0 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata 0 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\cerca.gif 304 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\cerca_over.gif 376 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\clear.gif 43 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\clearBottone.gif 61 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\down.gif 46 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\fondoDx.gif 287 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\fondoSx.gif 73 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\new.gif 223 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\new_over.gif 227 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\open.gif 216 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\open_over.gif 216 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\pers.gif 218 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\pers_over.gif 218 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\print.gif 214 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\print_over.gif 215 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\save.gif 225 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\save_over.gif 226 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\stamp.gif 74 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\stamp_over.gif 74 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\story.gif 96 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\story_over.gif 95 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\titolo.gif 524 bytes
File C:\Programmi\DevotoOli\stili\vg\img\avanzata\topDx.jpg 2878 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso 0 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\appar.gif 1115 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\appar_ov.gif 1116 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\aster.gif 94 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\audio.gif 209 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\audio_over.gif 579 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\clear.gif 43 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\clearPron.gif 54 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\clearStampa.gif 70 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\devoto.gif 585 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\down.gif 46 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\freccia.gif 274 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\freccia_ov.gif 274 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\new.gif 657 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\new_ov.gif 657 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\pallino.gif 75 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\pref.gif 630 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\pref_ov.gif 630 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\print.gif 640 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\print_ov.gif 640 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\sf_attiv.gif 52 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\sf_cerca.gif 71 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\sf_fless.gif 61 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\sf_lemmi.gif 88 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\sf_top.jpg 2140 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\trattoOld.gif 127 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\trattoOld2.gif 191 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\vers_colore_esteso.css.gif 94 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\vuoto.gif 77 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\_notes 0 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\_notes\appar.gif.mno 268 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\_notes\appar_over.gif.mno 268 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\_notes\aster.gif.mno 252 bytes
File C:\Programmi\DevotoOli\stili\vg\img\esteso\_notes\vers_colore_esteso.css.gif.mno 252 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte 0 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\audio.gif 209 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\audio_over.gif 579 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\clearStampa.gif 43 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\Copia di menu-rig.gif 869 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\down.gif 46 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\menu-rig.gif 62 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\menu.gif 256 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\menu_down.gif 256 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\menu_over.gif 194 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\menu_overdown.gif 251 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\new.gif 68 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\new_over.gif 68 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\pers.gif 63 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\pers_over.gif 63 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\print.gif 68 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\print_over.gif 68 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\quadr.gif 51 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\sf_attiv.gif 52 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\Thumbs.db 15872 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\top_comp.jpg 3388 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\top_vert.jpg 4235 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\tratto.gif 151 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\_notes 0 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\_notes\menu.gif.mno 269 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\_notes\menu_down.gif.mno 269 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\_notes\menu_over.gif.mno 269 bytes
File C:\Programmi\DevotoOli\stili\vg\img\ridotte\_notes\menu_overdown.gif.mno 269 bytes
File C:\Programmi\DevotoOli\stili\vg\img\Thumbs.db 20992 bytes
File C:\Programmi\DevotoOli\stili\vg\ricerca.css 8674 bytes
File C:\Programmi\DevotoOli\stili\vg\vers_colore_esteso.css 7204 bytes
File C:\Programmi\DevotoOli\stili\vg\vers_colore_minimo.css 7509 bytes
File C:\Programmi\DevotoOli\stili\vg\vers_colore_verticale.css 8443 bytes
File C:\Programmi\ESET\ESET Online Scanner 0 bytes
File C:\Programmi\ESET\ESET Online Scanner\ESETSmartInstaller.exe 2346904 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\esets_apiA.dll 451704 bytes
File C:\Programmi\ESET\ESET Online Scanner\esets_apiW.dll 464064 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\esets_apiW_a.dll 768944 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\log.txt 944 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules 0 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data 0 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles 0 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com 0 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver 22421 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver 22421 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod078B.nup 8841 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod07AD.nup 599085 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod21DF.nup 68405 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod257C.nup 1402749 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod2FE1.nup 160312 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod33F7.nup 22379 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod35A2.nup 2198030 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod3AC1.nup 42118 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod412D.nup 186252 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod43AD.nup 29448 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod4CCE.nup 10624 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod5309.nup 35039844 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod5411.nup 19421 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod6361.nup 19862 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod6CC7.nup 56165 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod7206.nup 513487 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod7226.nup 438663 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod750E.nup 99929 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod794F.nup 1621535 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod7F36.nup 5396 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp 0 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat 55770 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat 513125 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat 35326060 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat 609482 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat 492053 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat 46293 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat 82606 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat 2370366 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver 22421 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\em000_32.dat 55770 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\em001_32.dat 513125 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\em002_32.dat 35326060 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\em003_32.dat 609482 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\em004_32.dat 492053 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\em005_32.dat 46293 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\em006_32.dat 82606 bytes
File C:\Programmi\ESET\ESET Online Scanner\Modules\em023_32.dat 2370366 bytes
File C:\Programmi\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 884304 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe 863704 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\OnlineScanner.inf 172 bytes
File C:\Programmi\ESET\ESET Online Scanner\OnlineScanner.ocx 3405744 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\OnlineScanner64.ocx 3891976 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\OnlineScannerApp.exe 546464 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\OnlineScannerLang.dll 323984 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe 204504 bytes executable
File C:\Programmi\ESET\ESET Online Scanner\Quarantine 0 bytes
File C:\Programmi\ESET\ESET Online Scanner\unicows.dll 258352 bytes executable
File C:\Programmi\File comuni\Adobe\ARM 0 bytes
File C:\Programmi\File comuni\Adobe\ARM\1.0 0 bytes
File C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARMHelper.exe 320456 bytes executable
File C:\Programmi\File comuni\DESIGNER\MSADDNDR.DLL 86016 bytes executable
File C:\Programmi\File comuni\InstallShield\Engine 0 bytes
File C:\Programmi\File comuni\InstallShield\Engine\6 0 bytes
File C:\Programmi\File comuni\InstallShield\Engine\6\Intel 32 0 bytes
File C:\Programmi\File comuni\InstallShield\Engine\6\Intel 32\corecomp.ini 28529 bytes
File C:\Programmi\File comuni\InstallShield\Engine\6\Intel 32\ctor.dll 77824 bytes executable
File C:\Programmi\File comuni\InstallShield\Engine\6\Intel 32\IKernel.exe 614532 bytes executable
File C:\Programmi\File comuni\InstallShield\Engine\6\Intel 32\iuser.dll 176128 bytes executable
File C:\Programmi\File comuni\InstallShield\Engine\6\Intel 32\objectps.dll 32768 bytes executable
File C:\Programmi\File comuni\InstallShield\IScript 0 bytes
File C:\Programmi\File comuni\InstallShield\IScript\iscript.dll 225280 bytes executable
File C:\Programmi\File comuni\InstallShield\Professional 0 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime 0 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09 0 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01 0 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32 0 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll 69715 bytes executable
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe 5632 bytes executable
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll 188548 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll 729088 bytes executable
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll 266240 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll 192512 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll 311428 bytes executable
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\iKernel.rgs 29762 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\IsProBE.tlb 103616 bytes
File C:\Programmi\File comuni\InstallShield\Professional\RunTime\Objectps.dll 32768 bytes executable
File C:\Programmi\File comuni\Java\Java Update 0 bytes

---- EOF - GMER 1.0.15 ----



ComboFix LOG
ComboFix doesn't run in standard mode (a lot of nircmd, nirkmd and nircmdb not found) but runs in safe mode
ComboFix 12-05-15.04 - annalisa 16/05/2012 2.13.16.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.255.121 [GMT 2:00]
Eseguito da: c:\documents and settings\annalisa\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\e6ce67
c:\documents and settings\All Users\Dati applicazioni\e6ce67\3444.mof
c:\documents and settings\All Users\Dati applicazioni\e6ce67\mbxmaexlzexmu.ini
c:\documents and settings\annalisa\Dati applicazioni\Smart Engine
c:\documents and settings\annalisa\Dati applicazioni\Smart Engine\Instructions.ini
c:\documents and settings\annalisa\WINDOWS
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-16 al 2012-05-16 )))))))))))))))))))))))))))))))))))
.
.
2012-05-15 19:24 . 2012-05-15 19:25 -------- d-----w- c:\programmi\Metapad
2012-05-15 07:33 . 2012-05-15 07:33 -------- d-----w- c:\programmi\File comuni\Java
2012-05-15 07:20 . 2012-05-15 07:20 -------- d-----w- c:\programmi\Oracle
2012-05-15 07:19 . 2012-05-15 07:19 -------- d-----w- c:\documents and settings\annalisa\Dati applicazioni\Oracle
2012-05-15 07:18 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-15 07:18 . 2012-04-04 16:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 07:18 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 07:15 . 2012-05-15 07:15 -------- d-----w- c:\programmi\Java
2012-05-14 23:28 . 2012-05-14 23:28 -------- d-----w- c:\programmi\ESET
2012-05-14 21:47 . 2012-05-14 21:47 -------- d-----w- c:\documents and settings\annalisa\Dati applicazioni\SUPERAntiSpyware.com
2012-05-14 21:45 . 2012-05-14 21:47 -------- d-----w- c:\programmi\SUPERAntiSpyware
2012-05-14 21:45 . 2012-05-14 21:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2012-05-14 21:41 . 2012-05-14 21:41 -------- d-----w- C:\ProcAlyzer Dumps
2012-05-14 20:25 . 2012-05-14 20:25 -------- d-----w- c:\documents and settings\annalisa\Dati applicazioni\Malwarebytes
2012-05-14 20:24 . 2012-05-14 20:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-05-14 20:24 . 2012-05-14 20:25 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-05-14 20:24 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 20:23 . 2012-05-15 05:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2012-05-14 20:22 . 2009-01-25 10:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-05-14 20:22 . 2012-05-14 21:36 -------- d-----w- c:\programmi\Spybot - Search & Destroy 2
2012-05-14 14:44 . 2012-05-14 14:44 -------- d-----w- c:\documents and settings\annalisa\Dati applicazioni\fifa
2012-05-14 08:16 . 2012-05-14 08:16 151552 --sha-r- c:\windows\system32\nvsvc32E.dll
2012-05-10 07:02 . 2012-05-10 07:02 -------- d-----w- c:\documents and settings\annalisa\.phet
2012-04-17 15:57 . 2012-04-17 15:57 -------- d-----w- c:\documents and settings\annalisa\Impostazioni locali\Dati applicazioni\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:51 . 2004-08-19 15:34 2072832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-20 03:31 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2004-08-20 03:34 2196352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 11:00 . 2004-08-20 03:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-20 03:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2004-08-20 03:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-20 03:39 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-20 03:39 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-20 03:26 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 0AB23B85BF9E4EFFDB203199BC907552 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
.
c:\windows\System32\ksuser.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2001-11-28 45056]
"diagnostics"="C:\Programmi/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2010-09-03 557149]
"SDTray"="c:\programmi\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
"Spybot-S&D Cleaning"="c:\programmi\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Auto connessione ad internet.lnk - c:\programmi\Thomson SpeedTouch\ST330\service\autoconnect.bat [2010-9-20 409]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Thomson SpeedTouch\\ST330\\WebInstaller\\STHIW\\stInstall.exe"=
"c:\\Programmi\\Thomson SpeedTouch\\ST330\\service\\st330service.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\Drivers\adildr.sys [2007-02-07 56088]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programmi\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
R3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~2\MSI\MSIWDev\DVDSYS32_100507.sys [2010-05-10 22328]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~2\MSI\MSIWDev\msibios32_100507.sys [2010-05-10 25912]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~2\MSI\MSIWDev\VGASYS32_100507.sys [2010-05-10 16696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2010-08-29 30464]
R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2010-08-29 12672]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [2010-09-03 32000]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 !SASCORE;SAS Core Service;c:\programmi\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 342784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDUpdate.exe [2012-05-14 15:19]
.
2012-05-15 c:\windows\Tasks\ecku.job
- c:\windows\system32\nvsvc32E.dll [2012-05-14 08:16]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1965331169-725345543-1003Core.job
- c:\documents and settings\annalisa\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-08-18 02:34]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1965331169-725345543-1003UA.job
- c:\documents and settings\annalisa\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-08-18 02:34]
.
2012-05-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDImmunize.exe [2012-05-14 15:19]
.
2012-05-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDScan.exe [2012-05-14 15:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 02:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Programmi/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2012-05-16 02:29:59
ComboFix-quarantined-files.txt 2012-05-16 00:29
.
Pre-Run: 28.245.921.792 byte disponibili
Post-Run: 28.834.029.568 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 8DB333072B8268EC76404D99C3274BDC



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 03:12 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Enzo d

Enzo d
  • Topic Starter

  • Banned Spammer
  • 7 posts

Posted 17 May 2012 - 05:28 AM

Hi gringo_pr and thank you for your help.

The DDS log and Combofix log are in my first log. Please note Combofix doesn't work in standard mode (a lot of nircmd, mirkmd and nircmdb missing) but works fine only in safe mode (so the log is captured in safe mode).

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 07:37 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
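Triage of the TDSSKiller report requested in the post above, as an added example that is not part of the original thread and not the tool vendor's code: it pairs each `name (md5) path` line with its `name - verdict` line and lists what still needs a human look. The report layout, the `( detection ) - warning` form of a non-ok verdict, and every name, hash and path in `SAMPLE` are assumptions or constructed values.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed layout of every report line: "HH:MM:SS.ffff <thread-id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+(?:\s+(.*))?$")
# Object line: service or driver name, MD5 of its image, image path.
OBJECT = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# Verdict line: name, optional "( detection name )", then the verdict word.
VERDICT = re.compile(r"^(\S+)(?: \( (.+?) \))? - (\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    detection: Optional[str] = None
    verdict: Optional[str] = None


def parse_report(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, in report order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line or not line.group(1):
            continue  # not a report line, or a timestamp with no message
        msg = line.group(1)
        obj = OBJECT.match(msg)
        if obj:
            entry = entries.setdefault(obj.group(1), Entry(obj.group(1)))
            entry.md5, entry.path = obj.group(2).lower(), obj.group(3)
            continue
        ver = VERDICT.match(msg)
        if ver:
            entry = entries.setdefault(ver.group(1), Entry(ver.group(1)))
            entry.detection, entry.verdict = ver.group(2), ver.group(3).lower()
    return entries


def needs_review(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects with any verdict other than 'ok', plus objects that never
    received a verdict line (for example a report pasted incompletely)."""
    return [e for e in entries.values() if e.verdict != "ok"]


def without_image(entries: Dict[str, Entry]) -> List[str]:
    """Names that got a verdict but no '(md5) path' line: the service is
    registered, yet no image file was hashed for it."""
    return [e.name for e in entries.values() if e.verdict and e.md5 is None]


# Constructed sample: names, hashes, paths and the detection label are made up.
SAMPLE = r"""
23:29:16.0725 1544 Scan started
23:29:16.0725 1544 Mode: Manual;
23:29:24.0022 1544 svc_one (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\svc_one.sys
23:29:24.0194 1544 svc_one - ok
23:29:34.0928 1544 svc_nofile - ok
23:29:35.0772 1544 svc_two (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\svc_two.sys
23:29:36.0069 1544 svc_two ( Constructed.Detection.Name ) - warning
23:29:36.0334 1544 svc_cut (00000000000000000000000000000003) C:\WINDOWS\system32\svc_cut.dll
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    print(f"{len(parsed)} objects scanned")
    for e in needs_review(parsed):
        status = e.verdict or "no verdict line"
        print(f"REVIEW {e.name}: {status} {e.detection or ''} {e.path or ''}")
    print("no image hashed:", ", ".join(without_image(parsed)))
```

Run it over the saved report file instead of `SAMPLE` to get the short list before posting or reading the full log.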

#5 Enzo d

Enzo d
  • Topic Starter

  • Banned Spammer
  • 7 posts

Posted 17 May 2012 - 05:20 PM

Hi gringo,

I tested the browsers and the problem is no longer present. How is this possible? Is the virus auto-deactivating / hibernating?

Here is the log:
=== TDSSKILLER ===
23:28:16.0162 0392 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
23:28:18.0178 0392 ============================================================
23:28:18.0178 0392 Current date / time: 2012/05/17 23:28:18.0178
23:28:18.0178 0392 SystemInfo:
23:28:18.0178 0392
23:28:18.0178 0392 OS Version: 5.1.2600 ServicePack: 3.0
23:28:18.0178 0392 Product type: Workstation
23:28:18.0256 0392 ComputerName: STUDIOCHEPPI
23:28:18.0584 0392 UserName: Annalisa Cheppi
23:28:18.0584 0392 Windows directory: C:\WINDOWS
23:28:18.0584 0392 System windows directory: C:\WINDOWS
23:28:18.0584 0392 Processor architecture: Intel x86
23:28:18.0584 0392 Number of processors: 1
23:28:18.0584 0392 Page size: 0x1000
23:28:18.0584 0392 Boot type: Normal boot
23:28:18.0584 0392 ============================================================
23:29:04.0928 0392 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:29:05.0397 0392 ============================================================
23:29:05.0397 0392 \Device\Harddisk0\DR0:
23:29:05.0569 0392 MBR partitions:
23:29:05.0569 0392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
23:29:05.0569 0392 ============================================================
23:29:10.0569 0392 C: <-> \Device\Harddisk0\DR0\Partition0
23:29:10.0741 0392 ============================================================
23:29:10.0741 0392 Initialize success
23:29:10.0741 0392 ============================================================
23:29:16.0725 1544 ============================================================
23:29:16.0725 1544 Scan started
23:29:16.0725 1544 Mode: Manual;
23:29:16.0725 1544 ============================================================
23:35:22.0350 1544 SENS - ok
23:35:22.0397 1544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:35:22.0397 1544 serenum - ok
23:35:22.0444 1544 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
23:35:22.0444 1544 Serial - ok
23:35:22.0584 1544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:35:22.0584 1544 Sfloppy - ok
23:35:22.0787 1544 SharedAccess (152c0555925dfe028e3148fd215146bb) C:\WINDOWS\System32\ipnathlp.dll
23:35:22.0787 1544 SharedAccess - ok
23:35:22.0959 1544 ShellHWDetection (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
23:35:22.0959 1544 ShellHWDetection - ok
23:35:22.0991 1544 Simbad - ok
23:35:23.0006 1544 Sparrow - ok
23:35:23.0053 1544 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:35:23.0053 1544 Spooler - ok
23:35:23.0147 1544 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
23:35:23.0147 1544 sr - ok
23:35:23.0225 1544 srservice (b3e3da70a7a76e69b872de3d06d32c19) C:\WINDOWS\system32\srsvc.dll
23:35:23.0272 1544 srservice - ok
23:35:23.0475 1544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:35:23.0537 1544 Srv - ok
23:35:23.0616 1544 SSDPSRV (5215569dd3a8fbc65a85e85f3c12258b) C:\WINDOWS\System32\ssdpsrv.dll
23:35:23.0616 1544 SSDPSRV - ok
23:35:23.0694 1544 ST330 (c9fa6a70c051fc59d22c2e4cd211ad9b) C:\WINDOWS\system32\drivers\st330.sys
23:35:23.0694 1544 ST330 - ok
23:35:23.0866 1544 st330service - ok
23:35:23.0944 1544 STBUS (0017202eb0224f82706f04ed35ab23c2) C:\WINDOWS\system32\drivers\stbus.sys
23:35:23.0944 1544 STBUS - ok
23:35:24.0116 1544 stisvc (3b9263e137896e4d303494f116e00608) C:\WINDOWS\system32\wiaservc.dll
23:35:24.0147 1544 stisvc - ok
23:35:24.0225 1544 stppp (0a9484e3cdafb529b392b5e9ebbc4aa6) C:\WINDOWS\system32\DRIVERS\stppp.sys
23:35:24.0287 1544 stppp - ok
23:35:24.0334 1544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:35:24.0334 1544 swenum - ok
23:35:24.0366 1544 SwPrv - ok
23:35:24.0397 1544 symc810 - ok
23:35:24.0412 1544 symc8xx - ok
23:35:24.0428 1544 sym_hi - ok
23:35:24.0444 1544 sym_u3 - ok
23:35:24.0506 1544 SysmonLog (a34a9a872eec4c026fd542ac7156fe0b) C:\WINDOWS\system32\smlogsvc.exe
23:35:24.0537 1544 SysmonLog - ok
23:35:24.0616 1544 TapiSrv (6b85f1a9dce45d45bffad3222c21f297) C:\WINDOWS\System32\tapisrv.dll
23:35:24.0647 1544 TapiSrv - ok
23:35:25.0397 1544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:35:25.0537 1544 Tcpip - ok
23:35:25.0647 1544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:35:25.0647 1544 TDPIPE - ok
23:35:25.0741 1544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:35:25.0756 1544 TDTCP - ok
23:35:25.0787 1544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:35:25.0787 1544 TermDD - ok
23:35:25.0912 1544 TermService (fe5a5329ccfc33d645c33077ff04f052) C:\WINDOWS\System32\termsrv.dll
23:35:25.0944 1544 TermService - ok
23:35:26.0069 1544 Themes (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
23:35:26.0069 1544 Themes - ok
23:35:26.0162 1544 TlntSvr (2fff150ea4396956f10b66211687f335) C:\WINDOWS\system32\tlntsvr.exe
23:35:26.0178 1544 TlntSvr - ok
23:35:26.0194 1544 TosIde - ok
23:35:26.0272 1544 TrkWks (690294999df1248faf85d95b31955d0c) C:\WINDOWS\system32\trkwks.dll
23:35:26.0272 1544 TrkWks - ok
23:35:26.0397 1544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:35:26.0428 1544 Udfs - ok
23:35:26.0444 1544 ultra - ok
23:35:26.0647 1544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:35:26.0709 1544 Update - ok
23:35:26.0834 1544 upnphost (8057b0744d9842a090e51d2845861d5f) C:\WINDOWS\System32\upnphost.dll
23:35:26.0897 1544 upnphost - ok
23:35:26.0928 1544 UPS (f5e8b846ec10e1df8dca64119e2eb709) C:\WINDOWS\System32\ups.exe
23:35:26.0928 1544 UPS - ok
23:35:27.0006 1544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:35:27.0006 1544 usbhub - ok
23:35:27.0053 1544 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:35:27.0053 1544 usbohci - ok
23:35:27.0116 1544 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:35:27.0131 1544 usbprint - ok
23:35:27.0225 1544 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:35:27.0225 1544 USBSTOR - ok
23:35:27.0428 1544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:35:27.0428 1544 VgaSave - ok
23:35:27.0444 1544 ViaIde - ok
23:35:28.0912 1544 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
23:35:28.0991 1544 Vmodem - ok
23:35:29.0053 1544 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
23:35:29.0069 1544 VolSnap - ok
23:35:29.0272 1544 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
23:35:29.0334 1544 Vpctcom - ok
23:35:29.0475 1544 VSS (c2fe17125256102f5b44194d5db0a799) C:\WINDOWS\System32\vssvc.exe
23:35:29.0522 1544 VSS - ok
23:35:29.0569 1544 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
23:35:29.0569 1544 Vvoice - ok
23:35:29.0725 1544 W32Time (2969dd84b584a6bb541a5273103957a3) C:\WINDOWS\system32\w32time.dll
23:35:29.0756 1544 W32Time - ok
23:35:29.0819 1544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:35:29.0881 1544 Wanarp - ok
23:35:29.0897 1544 WDICA - ok
23:35:29.0991 1544 WebClient (2ec50ee79b65f60c8e8b4a03bbb3a42f) C:\WINDOWS\System32\webclnt.dll
23:35:29.0991 1544 WebClient - ok
23:35:30.0147 1544 winmgmt (40911e98d0f1cbb1015f2101982f1ddf) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:35:30.0178 1544 winmgmt - ok
23:35:30.0772 1544 WinRM (74d92d14580fe46fc5a57957c8cc038f) C:\WINDOWS\system32\WsmSvc.dll
23:35:31.0084 1544 WinRM - ok
23:35:31.0225 1544 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:35:31.0225 1544 WmdmPmSN - ok
23:35:31.0569 1544 Wmi (f63cb6dbe268ea0620c67a90cf43885e) C:\WINDOWS\System32\advapi32.dll
23:35:31.0600 1544 Wmi - ok
23:35:31.0756 1544 WmiApSrv (81fd02839fdb10acf0ec40b809b9f8cc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:35:31.0756 1544 WmiApSrv - ok
23:35:32.0334 1544 WMPNetworkSvc (f30dc8f80cf65a323e8b6a2db81561e3) C:\Programmi\Windows Media Player\WMPNetwk.exe
23:35:32.0444 1544 WMPNetworkSvc - ok
23:35:32.0569 1544 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:35:32.0569 1544 WS2IFSL - ok
23:35:32.0678 1544 wscsvc (926d921c93cff1e19ef4de3e4c8368ca) C:\WINDOWS\system32\wscsvc.dll
23:35:32.0725 1544 wscsvc - ok
23:35:32.0741 1544 wuauserv (cc48415e6c7cbaa441a3d6a6dccbcfa6) C:\WINDOWS\system32\wuauserv.dll
23:35:32.0787 1544 wuauserv - ok
23:35:32.0928 1544 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:35:32.0959 1544 WudfPf - ok
23:35:33.0022 1544 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:35:33.0022 1544 WudfRd - ok
23:35:33.0084 1544 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:35:33.0084 1544 WudfSvc - ok
23:35:33.0475 1544 WZCSVC (053e0307a08cac60793e27e921b46b3e) C:\WINDOWS\System32\wzcsvc.dll
23:35:33.0522 1544 WZCSVC - ok
23:35:33.0616 1544 xmlprov (5526482dcba6047641b13bf9c75a74e0) C:\WINDOWS\System32\xmlprov.dll
23:35:33.0631 1544 xmlprov - ok
23:35:33.0725 1544 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
23:35:38.0569 1544 \Device\Harddisk0\DR0 - ok
23:35:38.0616 1544 Boot (0x1200) (eea7aeed644a00fc58222ce7012fa8a3) \Device\Harddisk0\DR0\Partition0
23:35:38.0647 1544 \Device\Harddisk0\DR0\Partition0 - ok
23:35:38.0647 1544 ============================================================
23:35:38.0647 1544 Scan finished
23:35:38.0647 1544 ============================================================
23:35:39.0412 1532 Detected object count: 0
23:35:39.0428 1532 Actual detected object count: 0

=== aswMBR ===
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 23:42:22
-----------------------------
23:42:22.897 OS Version: Windows 5.1.2600 Service Pack 3
23:42:22.897 Number of processors: 1 586 0x800
23:42:22.897 ComputerName: STUDIOCHEPPI UserName:
23:42:24.725 Initialize success
00:00:40.834 AVAST engine defs: 12051701
00:07:05.350 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:07:05.397 Disk 0 Vendor: ST340810A 5.46 Size: 38166MB BusType: 3
00:07:05.412 Disk 0 MBR read successfully
00:07:05.412 Disk 0 MBR scan
00:07:07.834 Disk 0 Windows XP default MBR code
00:07:07.850 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
00:07:09.069 Disk 0 scanning sectors +78140160
00:07:09.537 Disk 0 scanning C:\WINDOWS\system32\drivers
00:07:45.319 Service scanning
00:08:29.381 Modules scanning
00:08:52.959 Disk 0 trace - called modules:
00:08:52.975 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:08:52.991 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b77030]
00:08:53.069 3 CLASSPNP.SYS[f9a72fd7] -> nt!IofCallDriver -> \Device\00000063[0x81bd2f18]
00:08:53.069 5 ACPI.sys[f99e9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81b8f230]
00:08:54.866 AVAST engine scan C:\WINDOWS
00:09:14.803 AVAST engine scan C:\WINDOWS\system32
00:13:45.444 AVAST engine scan C:\WINDOWS\system32\drivers
00:14:07.037 AVAST engine scan C:\Documents and Settings\Annalisa Cheppi
00:16:13.928 AVAST engine scan C:\Documents and Settings\All Users
00:16:29.272 Scan finished successfully
00:17:09.006 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\All Users\Documenti\MBR.dat"
00:17:09.006 The log file has been saved successfully to "C:\Documents and Settings\All Users\Documenti\aswMBR.txt"

#6 gringo_pr


Posted 17 May 2012 - 08:38 PM

Greetings


I tested the browsers and problem is no more present. How is this possible?

Afraid of me!! :whistle:


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\nvsvc32E.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Enzo d


Posted 18 May 2012 - 07:07 AM

Computer is acting well, no problem found. Have we won the war?

=== COMBOFIX LOG ===


ComboFix 12-05-15.04 - Annalisa Cheppi 18/05/2012 12.45.55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.255.127 [GMT 2:00]
Eseguito da: c:\documents and settings\Annalisa Cheppi\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Annalisa Cheppi\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\nvsvc32E.dll"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\host_new
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-18 al 2012-05-18 )))))))))))))))))))))))))))))))))))
.
.
2012-05-17 23:05 . 2012-05-17 23:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 23:05 . 2012-05-17 23:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 21:45 . 2012-05-16 21:45 -------- d-----w- c:\documents and settings\Annalisa Cheppi\Impostazioni locali\Dati applicazioni\Sun
2012-05-15 19:24 . 2012-05-15 19:25 -------- d-----w- c:\programmi\Metapad
2012-05-15 07:33 . 2012-05-15 07:33 -------- d-----w- c:\programmi\File comuni\Java
2012-05-15 07:20 . 2012-05-15 07:20 -------- d-----w- c:\programmi\Oracle
2012-05-15 07:19 . 2012-05-15 07:19 -------- d-----w- c:\documents and settings\Annalisa Cheppi\Dati applicazioni\Oracle
2012-05-15 07:18 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-15 07:18 . 2012-04-04 16:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 07:18 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 07:15 . 2012-05-15 07:15 -------- d-----w- c:\programmi\Java
2012-05-14 23:28 . 2012-05-14 23:28 -------- d-----w- c:\programmi\ESET
2012-05-14 21:47 . 2012-05-14 21:47 -------- d-----w- c:\documents and settings\Annalisa Cheppi\Dati applicazioni\SUPERAntiSpyware.com
2012-05-14 21:45 . 2012-05-14 21:47 -------- d-----w- c:\programmi\SUPERAntiSpyware
2012-05-14 21:45 . 2012-05-14 21:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2012-05-14 21:41 . 2012-05-14 21:41 -------- d-----w- C:\ProcAlyzer Dumps
2012-05-14 20:25 . 2012-05-14 20:25 -------- d-----w- c:\documents and settings\Annalisa Cheppi\Dati applicazioni\Malwarebytes
2012-05-14 20:24 . 2012-05-14 20:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-05-14 20:24 . 2012-05-14 20:25 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-05-14 20:24 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 20:23 . 2012-05-15 05:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2012-05-14 20:22 . 2009-01-25 10:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-05-14 20:22 . 2012-05-14 21:36 -------- d-----w- c:\programmi\Spybot - Search & Destroy 2
2012-05-14 14:44 . 2012-05-14 14:44 -------- d-----w- c:\documents and settings\Annalisa Cheppi\Dati applicazioni\fifa
2012-05-14 08:16 . 2012-05-14 08:16 151552 --sha-r- c:\windows\system32\nvsvc32E.dll
2012-05-10 07:02 . 2012-05-10 07:02 -------- d-----w- c:\documents and settings\Annalisa Cheppi\.phet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:51 . 2004-08-19 15:34 2072832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-20 03:31 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2004-08-20 03:34 2196352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 11:00 . 2004-08-20 03:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-20 03:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2004-08-20 03:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-20 03:39 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-20 03:39 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-20 03:26 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-16_00.24.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-17 23:40 . 2012-05-17 23:40 16384 c:\windows\temp\Perflib_Perfdata_7f0.dat
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-05-17 23:05 . 2012-05-17 23:05 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-17 23:05 . 2012-05-17 23:05 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-05-17 23:05 . 2012-05-17 23:05 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-05-17 23:14 . 2012-05-17 23:14 2309632 c:\windows\Installer\68d780.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\7cd5de.msp
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2001-11-28 45056]
"diagnostics"="C:\Programmi/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2010-09-03 557149]
"SDTray"="c:\programmi\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
"Spybot-S&D Cleaning"="c:\programmi\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Auto connessione ad internet.lnk - c:\programmi\Thomson SpeedTouch\ST330\service\autoconnect.bat [2010-9-20 409]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Thomson SpeedTouch\\ST330\\WebInstaller\\STHIW\\stInstall.exe"=
"c:\\Programmi\\Thomson SpeedTouch\\ST330\\service\\st330service.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18.27.02 12880]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23.55.22 67664]
R2 !SASCORE;SAS Core Service;c:\programmi\SUPERAntiSpyware\SASCore.exe [12/08/2011 1.38.07 116608]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [19/08/2010 0.43.10 20328]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [31/03/2010 6.58.48 342784]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [26/09/2010 22.30.01 56088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18/05/2012 1.05.24 257696]
S3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [28/08/2010 23.56.52 36256]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~2\MSI\MSIWDev\DVDSYS32_100507.sys [10/05/2010 10.44.48 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~2\MSI\MSIWDev\msibios32_100507.sys [10/05/2010 10.44.42 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~2\MSI\MSIWDev\VGASYS32_100507.sys [10/05/2010 10.44.36 16696]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 16.05.32 14904]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [29/08/2010 18.17.14 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [29/08/2010 18.17.14 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [29/08/2010 18.17.15 32000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 23:05]
.
2012-05-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDUpdate.exe [2012-05-14 15:19]
.
2012-05-17 c:\windows\Tasks\ecku.job
- c:\windows\system32\nvsvc32E.dll [2012-05-14 08:16]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1965331169-725345543-1003Core.job
- c:\documents and settings\Annalisa Cheppi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-08-18 02:34]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1965331169-725345543-1003UA.job
- c:\documents and settings\Annalisa Cheppi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-08-18 02:34]
.
2012-05-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDImmunize.exe [2012-05-14 15:19]
.
2012-05-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDScan.exe [2012-05-14 15:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 12:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Programmi/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2012-05-18 13:02:54
ComboFix-quarantined-files.txt 2012-05-18 11:02
ComboFix2.txt 2012-05-16 00:30
.
Pre-Run: 27.962.175.488 byte disponibili
Post-Run: 27.916.709.888 byte disponibili
.
- - End Of File - - 724979826AF784865FD821B811277739

#8 gringo_pr


Posted 18 May 2012 - 07:46 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Enzo d


Posted 18 May 2012 - 05:49 PM

=== MBAM ===
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versione database: v2012.05.18.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Annalisa Cheppi :: STUDIOCHEPPI [amministratore]

18/05/2012 23.52.30
mbam-log-2012-05-18 (23-52-30).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 211022
Tempo impiegato: 16 minuti, 54 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

=== HIJACK THIS ===
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0.26.30, on 19/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Annalisa Cheppi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Annalisa Cheppi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Annalisa Cheppi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Annalisa Cheppi\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programmi\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programmi\WOT\WOT.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Programmi/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:it
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Programmi\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Auto connessione ad internet.lnk = C:\Programmi\Thomson SpeedTouch\ST330\service\autoconnect.bat
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282093470781
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programmi\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Programmi/Thomson SpeedTouch/ST330/service/st330service.exe

--
End of file - 7429 bytes

=== Problems ===
Error during HiJackThis (something like invalid regedit call, please submit a report, then opened the url trendmicro.custhelp.com - or something like this - but the domain doesn't work - as opendns says). After that error the process continued without problems.

MBAM took a long time to close (it was no longer scanning) and it used all my resources; I had to kill it with Task Manager.

=== How computer goes ===
Maybe too slow. Maybe.

#10 gringo_pr

  • Malware Response Team

Posted 18 May 2012 - 08:37 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
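
The start-up cleanup in the post above works on the O4 lines of the HijackThis log from post #9. The following Python parser is an added example, not part of the original posts and not HijackThis code: it extracts each autostart entry, resolves the file that is actually loaded, and cross-checks a helper's list against the log. The function names, the flag names and the set of O4 forms handled are assumptions of this example.

```python
import re
from typing import NamedTuple

# O4/O23 lines copied from the HijackThis log in post #9 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [diagnostics] "C:\Programmi/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:it
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Auto connessione ad internet.lnk = C:\Programmi\Thomson SpeedTouch\ST330\service\autoconnect.bat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
# Value names from the "Fix Checked" list in post #10 (all under HKLM\..\Run).
CHECKLIST = ["NvCplDaemon", "nwiz", "NvMediaCenter", "SunJavaUpdateSched", "Adobe ARM"]


class Autostart(NamedTuple):
    location: str  # registry location as printed in the log, or "Global Startup"
    name: str      # registry value name or shortcut name
    target: str    # file that is actually loaded, separators normalised
    flags: tuple   # review hints for a human, not verdicts


RUN_RE = re.compile(r"^O4 - (?P<loc>\S+?\\\.\.\\\w+): \[(?P<name>[^\]]*)\] "
                    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
EXT_RE = re.compile(r"\.(?:exe|dll|bat|cmd|scr)\b", re.I)


def split_program(cmd):
    """Split a command line into (program, arguments); paths may be unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXT_RE.search(cmd)  # unquoted path with spaces: cut after the extension
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_autostarts(log):
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
        if not m:
            continue  # not an O4 line, or an O4 form this example does not handle
        program, rest = split_program(m["cmd"])
        flags = []
        if program.lower().rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe"):
            # rundll32 is only the host; the DLL before the comma is what runs.
            program = rest.split(",", 1)[0].strip().strip('"')
            flags.append("via-rundll32")
        target = program.replace("/", "\\")
        if not re.match(r"^(?:[A-Za-z]:\\|\\\\)", target):
            # No drive or UNC prefix: the log line alone does not say which file runs.
            flags.append("unqualified-path")
        entries.append(Autostart(m["loc"], m["name"], target, tuple(flags)))
    return entries


def match_checklist(entries, location, names):
    """Return (entries found at location, names that are not in the log)."""
    present = {e.name: e for e in entries if e.location == location}
    return [present[n] for n in names if n in present], [n for n in names if n not in present]


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        print(f"{e.location:22} {e.name:34} {e.target}  {', '.join(e.flags)}")
```

Matching on location plus value name matters because the same name can appear under several hives, as CTFMON.EXE does in the full log.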

#11 Enzo d


Posted 19 May 2012 - 08:15 AM

Hi Gringo,

all went fine, also ESET says it's all right.
After your register tweak PC is fastest.

There is a last strange behaviour.

Chkdsk gives these errors:
Il file system è di tipo NTFS.

Avvertenza! Parametro F non specificato
CHKDSK eseguito in modalità sola lettura.

Verifica dei file in corso (fase 1 di 3)...
Verifica file completata.
Verifica degli indici in corso (fase 2 di 3)...
Eliminazione della voce di indice clients[2].txt nell'indice $I30 del file 3325.

Eliminazione della voce di indice CLIENT~2.TXT nell'indice $I30 del file 3325.
Eliminazione della voce di indice integrity-local[1].txt nell'indice $I30 del file 3339.
Eliminazione della voce di indice INTEGR~1.TXT nell'indice $I30 del file 3339.
Eliminazione della voce di indice integrity-local[1].txt nell'indice $I30 del file 3344.
Eliminazione della voce di indice INTEGR~1.TXT nell'indice $I30 del file 3344.
Verifica indici completata.

Trovati errori. Impossibile proseguire CHKDSK in modalità sola lettura.


So it finds errors and can't correct them. So I launch chkdsk /f, it asks for a chkdsk after reboot, I confirm, I reboot and chkdsk starts (before Windows XP starts) and doesn't find any error or problem. Then PC reboots, Windows XP starts and I relaunch chkdsk and again I get these errors. I tried twice. I also tried HD Tune and no bad sector was found.

I googled for "integrity-local[1].txt" and "CLIENT~2.TXT" but I didn't understand if they are harmful or not ...

Edited by Enzo d, 19 May 2012 - 08:16 AM.


#12 gringo_pr


Posted 19 May 2012 - 01:02 PM

Greetings

I don't think it is bad




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#13 Enzo d


Posted 19 May 2012 - 05:14 PM

Thank you, man, all done.

You are a rockstar!

#14 gringo_pr


Posted 19 May 2012 - 06:14 PM

You are more than welcome and glad I was able to help


Gringo

#15 gringo_pr


Posted 21 May 2012 - 11:23 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



