my log...when I try to remove trojan bnk (xp security 2013)


  • This topic is locked
23 replies to this topic

#1 flynow

flynow

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 12 October 2012 - 11:11 AM

This is the ComboFix log... thank you so much!



ComboFix 12-10-12.01 - lucia 12/10/2012 12.36.34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.721 [GMT 2:00]
Eseguito da: c:\documents and settings\lucia\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Outdated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-55E1-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5AF1-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\lucia\Impostazioni locali\Dati applicazioni\uob.exe
c:\documents and settings\lucia\WINDOWS
c:\documents and settings\lucia\winlogon.exe
c:\windows\IsUn0410.exe
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\crrss.exe
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-12 al 2012-10-12 )))))))))))))))))))))))))))))))))))
.
.
2012-10-11 23:10 . 2012-10-11 23:10 -------- d-----w- c:\documents and settings\lucia\Dati applicazioni\Optimizer Pro
2012-10-11 23:08 . 2012-10-11 23:08 -------- d-----w- c:\documents and settings\lucia\Impostazioni locali\Dati applicazioni\Wajam
2012-10-11 23:08 . 2012-10-11 23:08 -------- d-----w- c:\programmi\Optimizer Pro
2012-10-11 23:07 . 2012-10-11 23:15 -------- d-----w- c:\programmi\Wajam
2012-10-11 22:34 . 2012-10-12 09:55 -------- d-----w- c:\programmi\File comuni\PC Tools
2012-10-11 22:32 . 2012-10-11 22:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2012-10-11 22:32 . 2012-10-11 22:32 -------- d-----w- c:\documents and settings\lucia\Dati applicazioni\TestApp
2012-09-17 11:59 . 2012-09-17 11:59 -------- d-----w- c:\documents and settings\lucia\Impostazioni locali\Dati applicazioni\Mozilla
2012-09-17 11:58 . 2012-09-17 11:58 -------- d-----w- c:\programmi\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 15:05 . 2004-09-06 17:59 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2004-09-06 17:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2004-09-06 17:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-09-06 17:58 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-09-06 17:59 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-09-06 01:26 . 2012-09-17 11:58 266720 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"="c:\programmi\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"ModemListener"="c:\programmi\HSPA USB MODEM\ModemListener.exe" [2010-05-10 98304]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Lexmark 2200 Series"="c:\programmi\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"FaxCenterServer"="c:\programmi\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 294912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Searchqu Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
.
R2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
R2 NAUpdate;@c:\programmi\Nero\Update\NASvc.exe,-200;c:\programmi\Nero\Update\NASvc.exe [04/03/2011 11.39.14 584488]
R2 WajamUpdater;WajamUpdater;c:\programmi\Wajam\Updater\WajamUpdater.exe [05/10/2012 17.08.42 109064]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [15/03/2005 22.18.15 191092]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [09/04/2011 16.09.21 105344]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [15/03/2005 22.18.15 6100]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [17/09/2012 13.58.41 114144]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 172.16.255.251
FF - ProfilePath - c:\documents and settings\lucia\Dati applicazioni\Mozilla\Firefox\Profiles\osarqjz6.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2650492559-409509572-607899947-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programmi\File comuni\DeviceHelper\DeviceManager.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
c:\programmi\Lexmark 2200 Series\lxbvbmon.exe
c:\programmi\Optimizer Pro\OptProSmartScan.exe
c:\programmi\Optimizer Pro\OptProReminder.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\SoftwareDistribution\Download\d0394dde693c15c2311f3eafbe285eee\update\update.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-12 12:56:39 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-10-12 10:56
.
Pre-Run: 63.266.373.632 byte disponibili
Post-Run: 63.169.523.712 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition SP2" /noexecute=optin /fastdetect
.
- - End Of File - - E622368B298DCA367349F5DEDC8056BF
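The ComboFix log above records two Security Center override values set to 1 and, under the Standard Profile firewall policy, EnableFirewall=0 with DisableNotifications=1. Rkill reports the same firewall key later in the thread, and OTL dumps these settings under its Security Center and Firewall Settings sections. The script below is an added example, not code from this thread or from the ComboFix or OTL tools: it parses the `[KEY]` / `"Name"=value` dump style both tools share, handles both value formats seen in the log (`dword:00000001` and `0 (0x0)`) plus OTL's bare decimal, and flags settings that differ from what a normally configured home machine should show. The embedded sample log is constructed from the values above; the `EXPECTED` table of hardened values is an assumption of this example.

```python
"""Flag weakened Security Center and firewall settings in a ComboFix/OTL-style log.

Added example; not code from this thread or from the ComboFix or OTL tools.
SAMPLE_LOG is constructed from values shown in the ComboFix log above, and the
EXPECTED table (what a normally configured home XP machine should show) is an
assumption of this example.
"""
import re

# Constructed sample in the "[KEY]" / "Name"=value style both tools use.  Note the
# value formats: ComboFix writes dword:00000001 for some keys and "0 (0x0)" for
# others; OTL writes a bare decimal.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore]
"DisableSR" = 0
"""

# value name (lower-case) -> (expected value, what a deviation means for the responder)
EXPECTED = {
    "enablefirewall": (1, "Windows Firewall is off for this profile"),
    "disablenotifications": (0, "firewall notifications are suppressed"),
    "antivirusoverride": (0, "Security Center will not warn about missing/outdated antivirus"),
    "firewalloverride": (0, "Security Center will not warn about a disabled firewall"),
    "disablesr": (0, "System Restore is disabled"),
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?([0-9A-Fa-f]+)')


def parse_registry_dump(text):
    """Yield (key, name, value) for every "Name"=value line under a [KEY] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, is_dword, digits = m.groups()
            # dword values are hexadecimal; the "0 (0x0)" and bare forms are decimal
            yield key, name, int(digits, 16 if is_dword else 10)


def audit(text):
    """Return findings for known settings whose value differs from EXPECTED."""
    findings = []
    for key, name, value in parse_registry_dump(text):
        rule = EXPECTED.get(name.lower())
        if rule is None:
            continue
        want, why = rule
        if value != want:
            findings.append({"key": key, "name": name, "value": value,
                             "expected": want, "why": why})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f['key']}] {f['name']}={f['value']} (expected {f['expected']}): {f['why']}")
```

Run against the sample it reports the four weakened settings and stays silent on DisableSR, which is already at its expected value. On a real case the same parser can be fed the whole ComboFix or OTL text; values that appear before any `[KEY]` header are ignored rather than guessed at.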



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:03 PM

Posted 14 October 2012 - 01:01 PM

Please download and run Rkill.

Note: Vista and Windows 7 users need to right-click on the file and choose Run as administrator.
Post the resulting log.



NEXT



Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Edited by CatByte, 14 October 2012 - 01:03 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 flynow

flynow
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 16 October 2012 - 07:29 AM

Rkill log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/16/2012 02:30:31 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/16/2012 02:32:05 PM
Execution time: 0 hours(s), 1 minute(s), and 34 seconds(s)

#4 flynow

flynow
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 16 October 2012 - 07:44 AM

I tried to run AdwCleaner but I have this problem:
Virus Download Blocked
Download of the virus has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.

File name: adwcleaner.exe

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:03 PM

Posted 16 October 2012 - 09:06 AM

Is this a company machine?

If so, they have set policies to restrict downloads. Do you have an IT department?

If so, you should contact them to resolve this infection.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 flynow

flynow
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 16 October 2012 - 10:02 AM

No, it's a personal computer, it's used only by me.
I'm worried after your reply.

This is the Malwarebytes Anti-Malware log, thanks a lot!

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Versione database: v2012.09.07.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
lucia :: NOME-4DD6A765B7 [amministratore]

16/10/2012 15.00.38
mbam-log-2012-10-16 (15-00-38).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 235466
Tempo impiegato: 1 ore, 11 minuti, 51 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 1
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Dati: 0 -> Spostato in quarantena ed eliminato con successo.

Voci rilevate nei dati di registro: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Cattivo: ("C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\uob.exe" -a "C:\Programmi\Mozilla Firefox\firefox.exe" -safe-mode) Buono: (firefox.exe -safe-mode) -> Spostato in quarantena e riparato con successo.

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 2
C:\Documents and Settings\lucia\Desktop\INFORMATICA\programmi esame\SoftonicDownloader_per_audacity.exe (PUP.OfferBundler.ST) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\lucia\uidsave.dat (Malware.Trace) -> Spostato in quarantena ed eliminato con successo.

(fine)
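The MBAM log above includes a Hijack.StartMenuInternet detection: the `safemode` command for Firefox had been rewritten so that `uob.exe` in the user's local application-data directory is executed first, with the real `firefox.exe` passed to it as an argument (the "Cattivo" value), where the clean value ("Buono") runs `firefox.exe` directly. The check below is an added Python example, not MBAM's code or anything from this thread: it tokenizes such a command value and reports whether the browser is launched directly or through a wrapper executable. The two command lines it tests are the bad and good values from the log; the list of suspect directories is an assumption used only to enrich the finding text.

```python
"""Check StartMenuInternet-style browser command values for wrapper hijacks.

Added example; not code from MBAM or from this thread.  The two sample command
lines are the "Cattivo" (bad) and "Buono" (good) values MBAM reported above;
SUSPECT_DIRS is an assumption used only to enrich the finding text.
"""
import ntpath
import re

# A token is either a double-quoted string or a run of non-whitespace characters.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Sample values taken from the MBAM log in the thread (constructed test input).
BAD_COMMAND = (
    '"C:\\Documents and Settings\\lucia\\Impostazioni locali\\Dati applicazioni\\uob.exe" '
    '-a "C:\\Programmi\\Mozilla Firefox\\firefox.exe" -safe-mode'
)
GOOD_COMMAND = "firefox.exe -safe-mode"

# Per-user writable locations where a browser launcher should not normally live
# (assumption for this example; English and Italian XP folder names are both listed).
SUSPECT_DIRS = (
    "\\documents and settings\\",
    "\\local settings\\",
    "\\impostazioni locali\\",
    "\\temp\\",
)


def split_command(cmd):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]


def check_browser_command(cmd, browser_exe):
    """Return (ok, reason).

    ok is True only when the first token, i.e. the program Windows actually
    executes, is the expected browser binary.  Anything else is reported with
    a reason a responder can act on.
    """
    tokens = split_command(cmd)
    if not tokens:
        return False, "empty command value"
    launched = ntpath.basename(tokens[0]).lower()
    want = browser_exe.lower()
    if launched == want:
        return True, "runs the browser directly"
    in_profile = any(s in tokens[0].lower() for s in SUSPECT_DIRS)
    where = " from a user-profile directory" if in_profile else ""
    wrapped = any(ntpath.basename(t).lower() == want for t in tokens[1:])
    if wrapped:
        return False, (f"{launched}{where} is run first and launches the browser "
                       f"as an argument (wrapper/hijack pattern)")
    return False, f"command runs {launched}{where} instead of {browser_exe}"


if __name__ == "__main__":
    for label, cmd in (("bad", BAD_COMMAND), ("good", GOOD_COMMAND)):
        ok, reason = check_browser_command(cmd, "firefox.exe")
        print(f"{label}: {'OK' if ok else 'FLAG'} - {reason}")
```

The same function applies to the `open` and other verbs under `StartMenuInternet\<browser>\shell\`, and to any other registry command value where the first token is what matters: a wrapper that merely passes the real browser through is exactly what this log entry shows.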

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:03 PM

Posted 16 October 2012 - 10:33 AM

What browser are you using to download? Perhaps the security settings are a little too high (restricting everything?).

Or it may be a setting in Avira; try disabling Avira while you download AdwCleaner, then re-enable it.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 flynow

flynow
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 16 October 2012 - 11:27 AM

I used Internet Explorer.
I uninstalled Avira two days ago and installed AVG.
Sometimes I see a message from AVG: a large part of memory is used by IE, maybe this is the problem (?)... I don't know.
Is my PC still infected? (Did you see the MBAM log?)
Thank you so much!

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:03 PM

Posted 16 October 2012 - 11:32 AM

Try booting into Safe Mode with Networking, then try downloading AdwCleaner.

To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly;
  • this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode with Networking
  • Then press the Enter key on your keyboard
  • Go into your usual account


NEXT

Please move on to the ESET scan if you are still unable to download and run adwCleaner


Then run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 flynow

flynow
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 16 October 2012 - 05:35 PM

OTL Extras logfile created on: 16/10/2012 23.40.33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lucia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 602,17 Mb Available Physical Memory | 58,84% Memory free
2,40 Gb Paging File | 1,93 Gb Available in Paging File | 80,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 70,37 Gb Total Space | 57,68 Gb Free Space | 81,97% Space Free | Partition Type: NTFS
Drive D: | 3,98 Gb Total Space | 3,98 Gb Free Space | 99,96% Space Free | Partition Type: FAT32

Computer Name: NOME-4DD6A765B7 | User Name: lucia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programmi\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Programmi\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Programmi\AVG\AVG2013\avgnsx.exe" = C:\Programmi\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2013\avgdiagex.exe" = C:\Programmi\AVG\AVG2013\avgdiagex.exe:*:Enabled:Diagnostica AVG 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2013\avgmfapx.exe" = C:\Programmi\AVG\AVG2013\avgmfapx.exe:*:Enabled:Installazione di AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2013\avgemcx.exe" = C:\Programmi\AVG\AVG2013\avgemcx.exe:*:Enabled:Scansione e-mail personale -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0680FE0B-DEBA-419F-A0AC-8D990F32DE60}" = AVG 2013
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2B8151AE-7D9A-4A1C-8C94-CBCC7A45BB23}" = AVG 2013
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{901C0410-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{91120410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Italiano
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{DB8CEC42-30B1-4F49-BD06-9393EB81CCF7}" = SPSS 13.0 for Windows
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Programma di disinstallazione
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG" = AVG 2013
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner (remove only)
"GenoPro" = GenoPro 2.5.3.8
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Soluzioni per l'invio di fax Lexmark
"Lexmark 2200 Series" = Lexmark 2200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 it)" = Mozilla Firefox 15.0.1 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ODEUNST #1" = Pralp3
"Revo Uninstaller" = Revo Uninstaller 1.92
"Searchqu Toolbar" = Searchqu Toolbar
"SLAMRNTV" = Smart Link 56K Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.8
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR gestione archivi

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2012 19.34.31 | Computer Name = NOME-4DD6A765B7 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 12/10/2012 5.57.47 | Computer Name = NOME-4DD6A765B7 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo explorer.exe, versione 6.0.2900.5512, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 12/10/2012 6.07.23 | Computer Name = NOME-4DD6A765B7 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo explorer.exe, versione 6.0.2900.5512, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 12/10/2012 6.42.16 | Computer Name = NOME-4DD6A765B7 | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
a causa del seguente errore: A connection with the server could not be established


Error - 12/10/2012 6.50.26 | Computer Name = NOME-4DD6A765B7 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avgnt.exe, versione 10.0.13.18,
modulo che ha provocato l'errore msvcr90.dll, versione 9.0.30729.4148, indirizzo
errore 0x00037256.

Error - 12/10/2012 6.51.06 | Computer Name = NOME-4DD6A765B7 | Source = ESENT | ID = 490
Description = svchost (1232) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020):
"The process cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 12/10/2012 11.48.47 | Computer Name = NOME-4DD6A765B7 | Source = Application Error | ID = 1000
Description = Faulting application avgnt.exe, version 10.0.13.18, faulting module
msvcr90.dll, version 9.0.30729.4148, fault address 0x00037256.

Error - 12/10/2012 12.23.13 | Computer Name = NOME-4DD6A765B7 | Source = Application Error | ID = 1000
Description = Faulting application avgnt.exe, version 10.0.13.18, faulting module
msvcr90.dll, version 9.0.30729.4148, fault address 0x00037256.

Error - 12/10/2012 16.30.03 | Computer Name = NOME-4DD6A765B7 | Source = Application Error | ID = 1000
Description = Faulting application avgnt.exe, version 10.0.13.18, faulting module
msvcr90.dll, version 9.0.30729.4148, fault address 0x00037256.

Error - 12/10/2012 16.51.21 | Computer Name = NOME-4DD6A765B7 | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 10.0.1.59, faulting module
unknown, version 0.0.0.0, fault address 0x00bc7971.

[ System Events ]
Error - 16/10/2012 7.42.16 | Computer Name = NOME-4DD6A765B7 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the
following error: %%5.

Error - 16/10/2012 7.42.16 | Computer Name = NOME-4DD6A765B7 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the
following error: %%5.

Error - 16/10/2012 8.46.21 | Computer Name = NOME-4DD6A765B7 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic
updates service and therefore cannot download and install updates according to
the set schedule. Windows will continue to try to establish a connection.

Error - 16/10/2012 10.17.27 | Computer Name = NOME-4DD6A765B7 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the
following error: %%5.

Error - 16/10/2012 10.17.27 | Computer Name = NOME-4DD6A765B7 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the
following error: %%5.

Error - 16/10/2012 10.18.52 | Computer Name = NOME-4DD6A765B7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: IntelIde

Error - 16/10/2012 16.54.54 | Computer Name = NOME-4DD6A765B7 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the
following error: %%5.

Error - 16/10/2012 16.54.54 | Computer Name = NOME-4DD6A765B7 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the
following error: %%5.

Error - 16/10/2012 17.45.17 | Computer Name = NOME-4DD6A765B7 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an
unreachable host. (0x80072751)

Error - 16/10/2012 17.45.17 | Computer Name = NOME-4DD6A765B7 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No
attempt to contact a source will be made for 14 minutes. NtpClient has no source
of accurate time.


< End of report >



OTL logfile created on: 16/10/2012 23.40.33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lucia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 602,17 Mb Available Physical Memory | 58,84% Memory free
2,40 Gb Paging File | 1,93 Gb Available in Paging File | 80,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 70,37 Gb Total Space | 57,68 Gb Free Space | 81,97% Space Free | Partition Type: NTFS
Drive D: | 3,98 Gb Total Space | 3,98 Gb Free Space | 99,96% Space Free | Partition Type: FAT32

Computer Name: NOME-4DD6A765B7 | User Name: lucia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/16 23.38.14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lucia\Desktop\OTL.exe
PRC - [2012/10/10 14.22.32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgui.exe
PRC - [2012/10/02 03.32.58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 03.32.56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgfws.exe
PRC - [2012/10/02 03.32.28 | 001,113,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/02 03.32.28 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/02 03.32.04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/02 03.31.54 | 000,793,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/02 03.31.48 | 000,439,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/07/08 17.11.04 | 001,825,720 | ---- | M] (Bandoo Media, inc) -- C:\Programmi\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/06/09 14.06.06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2011/03/04 11.39.14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Programmi\Nero\Update\NASvc.exe
PRC - [2010/05/10 14.03.10 | 000,098,304 | ---- | M] () -- C:\Programmi\HSPA USB MODEM\ModemListener.exe
PRC - [2009/11/17 10.44.54 | 000,040,960 | ---- | M] () -- C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
PRC - [2009/03/23 17.41.06 | 001,451,384 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/03/23 17.41.06 | 000,603,488 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/07 04.49.32 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/04/19 08.12.08 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
PRC - [2004/02/13 15.37.00 | 000,094,208 | ---- | M] (Jetsoft Development Company) -- C:\Programmi\Lexmark 2200 Series\lxbvbmon.exe
PRC - [2004/02/13 15.27.00 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/27 22.51.42 | 000,301,056 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
MOD - [2010/05/10 14.03.10 | 000,098,304 | ---- | M] () -- C:\Programmi\HSPA USB MODEM\ModemListener.exe
MOD - [2009/11/17 10.44.54 | 000,040,960 | ---- | M] () -- C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
MOD - [2009/03/23 17.40.06 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/03/23 17.38.08 | 000,069,697 | ---- | M] () -- C:\Programmi\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2004/08/12 16.10.50 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
MOD - [2004/02/04 15.27.38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2003/12/05 16.42.00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBVPP5C.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/02 03.32.58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 03.32.56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/10/02 03.32.04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/06 03.25.06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/03/04 11.39.14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programmi\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/11/17 10.44.54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2004/04/19 08.12.08 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/10/05 03.26.22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03.30.38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03.46.06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03.46.00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03.45.54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/21 03.45.52 | 000,055,008 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 03.05.20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/13 03.11.20 | 000,177,504 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/01/12 19.52.06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19.52.06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/06/05 19.55.06 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.SYS -- (AF15BDA)
DRV - [2009/11/17 10.44.54 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2009/03/19 15.19.54 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/02/18 11.46.56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/10/30 23.19.14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/24 11.37.10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/04/13 20.46.22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/10 12.18.42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 11.57.44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/08/12 16.14.46 | 000,786,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00.31.34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/23 02.43.00 | 000,159,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2004/06/23 21.36.02 | 003,147,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51)
DRV - [2004/04/19 05.50.20 | 000,013,912 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/04/19 05.42.26 | 000,635,152 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/19 05.34.36 | 000,095,760 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/04/19 05.33.24 | 000,230,656 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/04/19 05.26.08 | 001,301,488 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/04/19 05.15.12 | 000,180,664 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/04/19 05.04.48 | 000,013,312 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/04/13 14.14.12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/02/12 04.18.46 | 000,191,092 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2004/01/28 17.15.00 | 000,006,100 | ---- | M] (O2 Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2650492559-409509572-607899947-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-2650492559-409509572-607899947-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2650492559-409509572-607899947-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2650492559-409509572-607899947-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2012/09/17 13.58.39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins

[2012/09/17 13.59.24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lucia\Dati applicazioni\Mozilla\Extensions
[2012/09/17 13.58.39 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2012/09/06 03.26.03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2012/09/06 06.44.22 | 000,001,393 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2012/09/06 06.44.22 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2012/09/06 06.44.22 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2012/09/06 06.44.23 | 000,000,817 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2012/09/06 06.44.23 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/09/06 06.44.23 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2012/10/12 12.48.27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Programmi\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programmi\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [FaxCenterServer] C:\Programmi\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Lexmark 2200 Series] C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [ModemListener] C:\Programmi\HSPA USB MODEM\ModemListener.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2650492559-409509572-607899947-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2650492559-409509572-607899947-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2650492559-409509572-607899947-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2650492559-409509572-607899947-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341677813842 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.255.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7B73A9A-8D62-40D7-8FE0-A898F63EBBAB}: DhcpNameServer = 172.16.255.251
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/15 22.15.04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/16 23.38.14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lucia\Desktop\OTL.exe
[2012/10/16 23.22.29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lucia\Recent
[2012/10/16 14.59.34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Dati applicazioni\Malwarebytes
[2012/10/16 14.58.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2012/10/16 14.58.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2012/10/16 14.58.34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/16 14.58.34 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2012/10/13 21.17.38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/10/13 21.17.21 | 000,000,000 | ---D | C] -- C:\Programmi\MSBuild
[2012/10/13 21.17.12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/10/13 21.16.47 | 000,000,000 | ---D | C] -- C:\Programmi\Reference Assemblies
[2012/10/13 21.15.24 | 000,000,000 | ---D | C] -- C:\3bb6ccd7acb449a9d79fa085
[2012/10/12 23.32.06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/12 22.46.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Dati applicazioni\AVG2013
[2012/10/12 22.44.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\AVG
[2012/10/12 22.44.29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Dati applicazioni\TuneUp Software
[2012/10/12 22.42.54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/10/12 22.42.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2013
[2012/10/12 22.41.16 | 000,000,000 | ---D | C] -- C:\Programmi\AVG
[2012/10/12 22.36.09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2012/10/12 22.36.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\Avg2013
[2012/10/12 22.36.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\MFAData
[2012/10/12 22.36.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2012/10/12 13.28.33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dati applicazioni\Adobe
[2012/10/12 12.34.42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/12 12.31.05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/12 12.31.05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/12 12.31.05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/12 12.31.05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/12 12.30.07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/12 12.28.18 | 004,771,502 | R--- | C] (Swearware) -- C:\Documents and Settings\lucia\Desktop\ComboFix.exe
[2012/10/12 12.20.28 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/12 01.08.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\Wajam
[2012/10/12 00.48.50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/10/12 00.47.17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/10/12 00.42.47 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\lucia\Documenti\mbaaaaa.exe
[2012/10/12 00.34.12 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\PC Tools
[2012/10/12 00.32.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Tools
[2012/10/12 00.32.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Dati applicazioni\TestApp
[2012/10/11 23.25.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Documenti\Download
[2012/10/05 03.26.22 | 000,093,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2012/10/02 03.30.38 | 000,159,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/09/29 15.29.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Desktop\OTTOBRE
[2012/09/29 15.20.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Desktop\ORARI
[2012/09/21 03.46.06 | 000,164,832 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/09/21 03.46.00 | 000,177,376 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2012/09/21 03.45.54 | 000,019,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2012/09/21 03.45.52 | 000,055,008 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/09/17 13.59.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\Mozilla
[2012/09/17 13.59.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lucia\Dati applicazioni\Mozilla
[2012/09/17 13.58.41 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Maintenance Service
[2012/09/17 13.58.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Mozilla
[2012/09/17 13.58.35 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/16 23.38.14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lucia\Desktop\OTL.exe
[2012/10/16 22.54.09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/16 19.14.09 | 000,483,524 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/10/16 19.14.09 | 000,436,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/16 19.14.09 | 000,081,404 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/10/16 19.14.09 | 000,069,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/16 14.58.42 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/14 14.44.07 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/12 23.32.23 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/10/12 22.44.30 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/10/12 12.48.27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/12 12.34.52 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/10/12 12.19.58 | 004,771,502 | R--- | M] (Swearware) -- C:\Documents and Settings\lucia\Desktop\ComboFix.exe
[2012/10/12 12.11.48 | 000,009,226 | -HS- | M] () -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\6o4v7yr6ikfw18072u
[2012/10/12 12.11.48 | 000,009,226 | -HS- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\6o4v7yr6ikfw18072u
[2012/10/12 00.46.19 | 000,371,264 | ---- | M] () -- C:\Documents and Settings\lucia\Documenti\Spyware Doctor 5.5.exe
[2012/10/12 00.42.47 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\lucia\Documenti\mbaaaaa.exe
[2012/10/12 00.35.13 | 000,627,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/10/10 21.17.02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/05 03.26.22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2012/10/04 13.56.53 | 000,124,709 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\NUOVA.jpg
[2012/10/02 18.30.53 | 000,352,574 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0521.jpg
[2012/10/02 11.46.08 | 000,407,027 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\DIALOGHI PSICOTERAPIE IN EVOLUZIONE.pdf
[2012/10/02 03.30.38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/10/01 22.45.18 | 000,157,489 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\TIROOOOOC.pdf
[2012/09/30 13.55.48 | 000,367,183 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Copia (2) di Foto-0521.jpg
[2012/09/30 13.51.12 | 000,385,902 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Copia di Foto-0521.jpg
[2012/09/28 13.34.15 | 000,602,567 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\cds magistrali.pdf
[2012/09/25 21.26.38 | 000,049,571 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\iltuobigliettotrenitalia.zip
[2012/09/25 21.21.46 | 000,063,800 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\MARIALUCIA-PAPA-129265257296363897703307009.pdf
[2012/09/25 20.52.16 | 000,007,983 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\MAV-Pagato.pdf
[2012/09/24 11.49.43 | 000,066,567 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\trenitalia.pdf
[2012/09/22 20.23.48 | 000,044,812 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0503.jpg
[2012/09/22 18.54.18 | 000,423,968 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0520.jpg
[2012/09/22 18.53.52 | 000,522,919 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0522.jpg
[2012/09/22 18.53.25 | 000,486,446 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0524.jpg
[2012/09/22 18.53.12 | 000,419,476 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0525.jpg
[2012/09/22 18.52.57 | 000,463,125 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0526.jpg
[2012/09/21 03.46.06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/09/21 03.46.00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2012/09/21 03.45.54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2012/09/21 03.45.52 | 000,055,008 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/09/20 22.15.08 | 000,641,468 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0483.jpg
[2012/09/20 22.14.35 | 000,769,394 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\Foto-0487.jpg
[2012/09/20 16.35.36 | 000,685,394 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\MavUni.pdf
[2012/09/20 13.48.52 | 000,029,521 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\3969b_L'ATTIMO-FUGGENTE_RC_visore.jpg
[2012/09/20 13.23.02 | 000,072,386 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\convegni psicoanalisi.pdf
[2012/09/20 13.22.52 | 000,077,310 | ---- | M] () -- C:\Documents and Settings\lucia\Desktop\convegni.pdf
[2012/09/17 13.58.43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/16 14.58.42 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/12 22.44.30 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/10/12 12.34.52 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2012/10/12 12.34.47 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012/10/12 12.31.05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/12 12.31.05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/12 12.31.05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/12 12.31.05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/12 12.31.05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/12 00.46.18 | 000,371,264 | ---- | C] () -- C:\Documents and Settings\lucia\Documenti\Spyware Doctor 5.5.exe
[2012/10/12 00.34.29 | 000,627,006 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/10/11 22.05.35 | 000,009,226 | -HS- | C] () -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\6o4v7yr6ikfw18072u
[2012/10/11 22.05.35 | 000,009,226 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\6o4v7yr6ikfw18072u
[2012/10/06 11.32.12 | 000,063,800 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\MARIALUCIA-PAPA-129265257296363897703307009.pdf
[2012/10/04 13.52.11 | 000,124,709 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\NUOVA.jpg
[2012/10/02 11.45.58 | 000,407,027 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\DIALOGHI PSICOTERAPIE IN EVOLUZIONE.pdf
[2012/10/01 22.45.17 | 000,157,489 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\TIROOOOOC.pdf
[2012/09/30 13.51.41 | 000,367,183 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Copia (2) di Foto-0521.jpg
[2012/09/30 13.46.12 | 000,385,902 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Copia di Foto-0521.jpg
[2012/09/25 21.26.38 | 000,049,571 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\iltuobigliettotrenitalia.zip
[2012/09/25 20.52.15 | 000,007,983 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\MAV-Pagato.pdf
[2012/09/24 11.44.31 | 000,066,567 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\trenitalia.pdf
[2012/09/22 18.55.15 | 000,044,812 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0503.jpg
[2012/09/22 18.54.16 | 000,423,968 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0520.jpg
[2012/09/22 18.54.02 | 000,352,574 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0521.jpg
[2012/09/22 18.53.49 | 000,522,919 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0522.jpg
[2012/09/22 18.53.22 | 000,486,446 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0524.jpg
[2012/09/22 18.53.10 | 000,419,476 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0525.jpg
[2012/09/22 18.52.55 | 000,463,125 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0526.jpg
[2012/09/20 16.35.29 | 000,685,394 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\MavUni.pdf
[2012/09/20 13.49.05 | 000,029,521 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\3969b_L'ATTIMO-FUGGENTE_RC_visore.jpg
[2012/09/20 13.23.01 | 000,072,386 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\convegni psicoanalisi.pdf
[2012/09/20 13.22.50 | 000,077,310 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\convegni.pdf
[2012/09/17 20.24.55 | 000,769,394 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0487.jpg
[2012/09/17 20.24.29 | 000,641,468 | ---- | C] () -- C:\Documents and Settings\lucia\Desktop\Foto-0483.jpg
[2012/09/17 13.58.43 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox.lnk
[2012/09/17 13.58.43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/06 18.20.03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2012/07/06 18.20.03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2012/07/06 18.17.43 | 000,000,100 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2012/07/06 18.17.04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbvvs.dll
[2012/07/06 18.17.01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2012/07/06 18.16.12 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbvcoin.ini
[2012/06/16 13.42.59 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2012/06/16 13.42.59 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2012/06/16 13.42.59 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2012/06/16 13.42.59 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2012/06/16 13.42.59 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2012/06/03 21.57.53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/08 15.19.44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/05 19.56.30 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2011/06/05 19.56.26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/06/05 19.55.15 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2011/04/10 13.37.02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/10 01.48.42 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 16.03.01 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/09 15.48.19 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== ZeroAccess Check ==========

[2012/10/12 00.48.51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04.13.50 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04.13.56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/12 22.46.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2013
[2012/01/08 14.43.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BlazeVideo
[2012/10/12 22.36.09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2012/10/16 23.00.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2011/09/30 08.08.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\Audacity
[2012/10/12 22.46.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\AVG2013
[2011/04/09 18.44.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\Nucleus Kernel BKF
[2011/09/28 15.54.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\OpenOffice.org
[2012/07/21 12.45.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\searchquband
[2012/07/21 12.51.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\searchqutoolbar
[2012/10/12 00.32.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\TestApp
[2012/10/12 22.44.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2004/08/19 14.00.00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=178D42BD8FC34A9837417A6CE1D6BB7B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\explorer.exe
[2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/09 13.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/09 13.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/09 13.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 13.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\system32\services.exe
[2009/02/09 12.05.36 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=AA6602EA22899E57D4661DDA87C3EE21 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/09 11.50.05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=BCF1770A35BDA3BD13A9E2054F15F37E -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/09 13.14.45 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C79FEAE2F68982259907AB52B0F2676F -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 04.14.19 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=DAC0440C89B1EA4E35684896D5BF856E -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17.04.42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programmi\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/19 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=73955B04F209D8A1C633867841267A96 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/14 04.14.21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 04.14.21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 04.14.21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/19 14.00.00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=C1E7FE19F98A877BF8F941BF48148695 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04.14.22 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 04.14.22 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04.14.22 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/19 14.00.00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=4166454E2BCFCC20D1B8A5AC9FEAB243 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/07 17.04.42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programmi\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04.14.24 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 04.14.24 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04.14.24 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG MP0804H
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 70,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4,00GB
Starting Offset: 75557422080
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 204,00MB
Starting Offset: 79842792960
Hidden sectors: 0


< >
[2004/09/06 19.58.49 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2005/03/15 22.18.05 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

#11 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 16 October 2012 - 09:06 PM

Please go to Start > Control Panel > Add/Remove Programs.
A list of installed programs will populate.
Scroll down to the following programs and select "Remove":

Searchqu Toolbar
iLivid



NEXT


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - [2012/07/08 17.11.04 | 001,825,720 | ---- | M] (Bandoo Media, inc) -- C:\Programmi\Searchqu Toolbar\Datamngr\datamngrUI.exe
    O4 - HKLM..\Run: [DATAMNGR] C:\Programmi\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    [2012/10/12 12.11.48 | 000,009,226 | -HS- | M] () -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\6o4v7yr6ikfw18072u
    [2012/10/12 12.11.48 | 000,009,226 | -HS- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\6o4v7yr6ikfw18072u
    [2012/07/21 12.45.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\searchquband
    [2012/07/21 12.51.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\searchqutoolbar
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Programmi\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT

Please try running AdwCleaner again.

Then move on to the ESET online scanner.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
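The entries CatByte pulled into the OTL fix above (the two Hidden+System `6o4v7yr6ikfw18072u` files with no vendor name under the profile's application-data folders) and the `< MD5 for: ... >` blocks earlier in the log are what a triager checks by eye. As an added example that is not part of this thread, of OTL or of BleepingComputer, the Python below parses OTL-format entries and automates both checks over sample lines copied from the log above; the final `userinit.exe` line with a fake hash is constructed so that a mismatch shows up.

```python
"""Triage helpers for OTL-format scan logs. Added example: not code from the
thread, from OTL or from BleepingComputer. SAMPLE_LOG lines are copied from
the OTL output above, except the userinit.exe line marked as constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry: [date time | size | attrs | C/M] (company) [MD5=hash] -- path
OTL_ENTRY = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} [\d.]+ \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+?)\s*$")

@dataclass
class Entry:
    size: int
    attrs: str          # 4-char field: R(ead-only) H(idden) S(ystem) D(irectory)
    company: str        # empty when OTL printed "()" or no vendor at all
    md5: Optional[str]
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_otl(text: str) -> List[Entry]:
    out = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if m:
            out.append(Entry(int(m["size"].replace(",", "")), m["attrs"],
                             (m["company"] or "").strip(),
                             m["md5"].upper() if m["md5"] else None, m["path"]))
    return out

PROFILE_DATA = ("\\dati applicazioni\\", "\\application data\\",
                "\\impostazioni locali\\", "\\local settings\\")

def looks_random(name: str) -> bool:
    # extensionless, long, letters and digits mixed (cf. 6o4v7yr6ikfw18072u)
    return ("." not in name and len(name) >= 12
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))

def suspicious_profile_files(entries: List[Entry]) -> List[str]:
    """Hidden+System files with no vendor and a random-looking name under a profile's
    application-data folders: the pattern of the two entries CatByte's fix moves."""
    return [e.path for e in entries
            if "D" not in e.attrs and "H" in e.attrs and "S" in e.attrs
            and not e.company and looks_random(e.name)
            and any(p in e.path.lower() for p in PROFILE_DATA)]

REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\", "\\$hf_mig$\\")

def md5_mismatches(entries: List[Entry]) -> List[str]:
    """Live copies (Windows or system32 dir) from '< MD5 for: ... >' blocks whose hash
    matches none of the on-box reference caches. Several caches are consulted so a
    hotfixed services.exe is not flagged; copies outside the Windows dir are ignored."""
    by_name = defaultdict(list)
    for e in entries:
        if e.md5 and e.path.lower().startswith("c:\\windows\\"):
            by_name[e.name.lower()].append(e)
    bad = []
    for name, copies in by_name.items():
        refs = {c.md5 for c in copies if any(d in c.path.lower() for d in REFERENCE_DIRS)}
        for c in copies:
            if (c.path.lower() in (f"c:\\windows\\system32\\{name}", f"c:\\windows\\{name}")
                    and refs and c.md5 not in refs):
                bad.append(c.path)
    return bad

SAMPLE_LOG = r"""
[2012/07/21 12.45.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lucia\Dati applicazioni\searchquband
[2012/10/12 12.11.48 | 000,009,226 | -HS- | M] () -- C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\6o4v7yr6ikfw18072u
[2012/10/12 12.11.48 | 000,009,226 | -HS- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\6o4v7yr6ikfw18072u
[2012/09/07 17.04.42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programmi\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 04.14.21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 04.14.21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\svchost.exe
[2009/02/09 13.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 13.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\system32\services.exe
[2008/04/14 04.14.19 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=DAC0440C89B1EA4E35684896D5BF856E -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/14 04.14.22 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04.14.22 | 000,026,624 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\userinit.exe
"""
# The last SAMPLE_LOG line is constructed (fake hash, no vendor) so a mismatch shows up.
```

Running `suspicious_profile_files(parse_otl(SAMPLE_LOG))` returns exactly the two `6o4v7yr6ikfw18072u` paths, and `md5_mismatches` flags only the constructed `userinit.exe` while the hotfixed `services.exe` and the Chameleon copy of `svchost.exe` pass.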


#12 flynow
  • Topic Starter
  • Members
  • 14 posts

Posted 17 October 2012 - 04:25 AM

All processes killed
========== OTL ==========
No active process named datamngrUI.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Programmi\Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.
C:\Documents and Settings\lucia\Impostazioni locali\Dati applicazioni\6o4v7yr6ikfw18072u moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\6o4v7yr6ikfw18072u moved successfully.
C:\Documents and Settings\lucia\Dati applicazioni\searchquband folder moved successfully.
C:\Documents and Settings\lucia\Dati applicazioni\searchqutoolbar\weather folder moved successfully.
C:\Documents and Settings\lucia\Dati applicazioni\searchqutoolbar folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programmi\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Svuotata la cache del resolver DNS.
C:\Documents and Settings\lucia\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\lucia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2748245 bytes

User: lucia
->Temp folder emptied: 166603 bytes
->Temporary Internet Files folder emptied: 3404714 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27677241 bytes
->Flash cache emptied: 470 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2885 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145196 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10172012_112110

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\lucia\Impostazioni locali\Temp\~DF8E3B.tmp not found!
File\Folder C:\Documents and Settings\lucia\Impostazioni locali\Temp\~DF8E67.tmp not found!
File\Folder C:\Documents and Settings\lucia\Impostazioni locali\Temp\~DF8F17.tmp not found!
File\Folder C:\Documents and Settings\lucia\Impostazioni locali\Temp\~DF8F22.tmp not found!
File\Folder C:\Documents and Settings\lucia\Impostazioni locali\Temp\~DF8FFA.tmp not found!
File\Folder C:\Documents and Settings\lucia\Impostazioni locali\Temp\~DF9005.tmp not found!
C:\Documents and Settings\lucia\Impostazioni locali\Temporary Internet Files\Content.IE5\IJMK51N9\search[1].htm moved successfully.
C:\Documents and Settings\lucia\Impostazioni locali\Temporary Internet Files\Content.IE5\AYPODL66\page__p__2867105__fromsearch__1[1].htm moved successfully.
C:\Documents and Settings\lucia\Impostazioni locali\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_19c.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#13 flynow
  • Topic Starter
  • Members
  • 14 posts

Posted 17 October 2012 - 04:54 AM

I tried to run AdwCleaner but I have the same problem and I see the same message.

Can I use other software?

#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 October 2012 - 06:28 AM

Yes, please move on to the ESET scan.


NEXT



Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Click on JRT.exe to run it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Edited by CatByte, 17 October 2012 - 06:29 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 flynow
  • Topic Starter
  • Members
  • 14 posts

Posted 17 October 2012 - 04:44 PM

This is part of the ESET scan, because I had to stop the ESET scanner. (It's so long.)
Tomorrow I will continue the ESET scan of my PC.
Thank you for your patience.

C:\Programmi\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application
C:\System Volume Information\_restore{A15F607B-6C54-4F54-B719-0E3062A567A5}\RP166\A0063597.exe a variant of Win32/SpeedingUpMyPC application
C:\System Volume Information\_restore{A15F607B-6C54-4F54-B719-0E3062A567A5}\RP173\A0065236.dll a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{A15F607B-6C54-4F54-B719-0E3062A567A5}\RP173\A0065237.dll a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{A15F607B-6C54-4F54-B719-0E3062A567A5}\RP173\A0065238.dll Win32/Toolbar.SearchSuite application



