Posts posted by nostrafrancos
-
You need to follow the directions in the link I provided. It shows step by step what programs to download, install and run. Once all of them have been completed you need to post all of the log files generated.
Hello,
I have done the 1st part of the scan again and will carry on with the following steps and post them here
Thank you very much for your kind support
Regards
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4572
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
08/09/2010 19:19:09
mbam-log-2010-09-08 (19-19-09).txt
Scan type: Quick scan
Objects scanned: 141888
Time elapsed: 16 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{182b90a3-f372-438a-800c-6814b4de417b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2ee5c44-c66d-499d-beae-a2a79189a63a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{182b90a3-f372-438a-800c-6814b4de417b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{182b90a3-f372-438a-800c-6814b4de417b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
-
Please read these directions and post all of the required logs.
Hello and sorry for bothering you again
I'm not sure about what I should do next. I followed the instructions up to the MBAM scan (I posted it as you said), which didn't show any infection, but I still cannot access IE options. I'm a bit confused now... What should I do? Move to step 2 even if there was no infection?
Thanks in advance for your kind support
frn
-
Try accessing Internet Options in the Control Panel. If its icon is not there or will not open, follow my previous instructions. You may not have completely removed the malware.
Hello and thanks again for your kind help
I've followed the procedures up to the Malwarebytes' section and posted the log where indicated. But IE options is still not accessible.
Best Regards
frn
-
Dear Sirs,
I was advised to do the following but still cannot open IE options.
" How To Post An Otl Log, Easy to Follow Guide
Create a new thread and post the required logs in the following section of the forums.
Malware Removal
Please wait patiently for the experts to read your logs and guide you on removing your malware. "
Here is the Malwarebytes' log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4572
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26/09/2010 13:00:56
mbam-log-2010-09-26 (13-00-56).txt
Scan type: Quick scan
Objects scanned: 142433
Time elapsed: 13 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thanks a lot for your kind support
frn
-
Of course you can't. You have Microsoft Security Essentials set to lock access to them.
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide -runkey
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Hello Pete and thanks for your kind reply.
First of all, congratulations, as nobody else could find the reason why that was happening.
Is there anything I can do to access IE options again? I mean can I change something in the Microsoft Security Essentials?
thanks
fran
-
Dear Sirs,
I've had a few problems recently with infection of spyware/malware and thought I was cleared. But I've just realized I cannot access IE options and I get this message: "this operation has been cancelled due to restrictions in effect on this computer. Please contact the system administrator".
My OS is Windows XP Home edition Version 2002
I'll post here the Hijackthis Log for you to check
Thanks in advance for your kind help
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:04:06, on 24/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Hide My IP\HideMyIpSrv.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181300875687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181300844156
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Programmi\Hide My IP\HideMyIpSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 7195 bytes
no access to IE options
in Malware Removal
Dear Sirs,
I'd be really grateful if you could check my logs.
I was infected with spyware/malware before but I'm still having some problems (PC slow, problems downloading updates, no access to IE options both from the browser and the Control Panel).
I'd like to thank you in advance for your kind help
Best Regards
frn
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4742
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/10/2010 23:22:18
mbam-log-2010-10-07 (23-22-18).txt
Scan type: Quick scan
Objects scanned: 144669
Time elapsed: 18 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 2 Stepping 7, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[sharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:37 Go - Free:17 Go )
D:\ [CD_Rom]
.
Scan : 11:30.27
Path : C:\Documents and Settings\Fran\Desktop\Rooter.exe
User : Fran ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [system Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (480)
______ \??\C:\WINDOWS\system32\csrss.exe (536)
______ \??\C:\WINDOWS\system32\winlogon.exe (560)
______ C:\WINDOWS\system32\services.exe (604)
______ C:\WINDOWS\system32\lsass.exe (616)
______ C:\WINDOWS\system32\svchost.exe (772)
______ C:\WINDOWS\system32\svchost.exe (832)
______ c:\Programmi\Microsoft Security Essentials\MsMpEng.exe (900)
______ C:\WINDOWS\System32\svchost.exe (940)
______ C:\WINDOWS\System32\svchost.exe (1016)
______ C:\WINDOWS\system32\svchost.exe (1120)
______ C:\WINDOWS\Explorer.EXE (1300)
______ C:\WINDOWS\system32\spoolsv.exe (1332)
______ C:\Programmi\Microsoft Security Essentials\msseces.exe (1568)
______ C:\WINDOWS\System32\svchost.exe (1708)
______ C:\WINDOWS\system32\svchost.exe (1832)
______ C:\Programmi\Java\jre6\bin\jqs.exe (1852)
______ C:\WINDOWS\System32\svchost.exe (1900)
______ C:\WINDOWS\System32\svchost.exe (192)
______ C:\WINDOWS\system32\slserv.exe (240)
______ C:\WINDOWS\System32\svchost.exe (400)
______ C:\WINDOWS\system32\wuauclt.exe (520)
______ C:\WINDOWS\System32\wbem\wmiapsrv.exe (2512)
______ C:\WINDOWS\System32\alg.exe (2604)
______ C:\Programmi\internet explorer\iexplore.exe (3176)
______ C:\Programmi\internet explorer\iexplore.exe (3360)
______ C:\Programmi\Hide My IP\HideMyIpSrv.exe (3556)
______ C:\Documents and Settings\Fran\Desktop\Rooter.exe (1060)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:39999504384)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1450960922-839522115-1004Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1450960922-839522115-1004UA.job
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1450960922-839522115-1004.job
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1450960922-839522115-1004.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WebReg HP Photosmart C4400 series.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:31.21
.
C:\Rooter$\Rooter_1.txt - (08/10/2010 | 11:31.21)
Log created at 11:55 on 08/10/2010 (Fran)
Scanning C:\
C:\pagefile.sys
-------------------------
-=E.O.F=-
_____________________________________________________________________________________________________
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
_____________________________________________________________________________________________________
OTL logfile created on: 08/10/2010 13:42:08 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Fran\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Regno Unito | Language: ENG | Date Format: dd/MM/yyyy
511.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 37.25 Gb Total Space | 17.45 Gb Free Space | 46.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-BZPR251MPO
Current User Name: Fran
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Fran\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programmi\Hide My IP\HideMyIpSrv.exe ()
PRC - c:\Programmi\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\slserv.exe ( )
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Fran\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (HideMyIpSRV) -- C:\Programmi\Hide My IP\HideMyIpSrv.exe ()
SRV - (MsMpSvc) -- c:\Programmi\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Programmi\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )
========== Driver Services (SafeList) ==========
DRV - (ZDPSp50) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Programmi\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ultra) -- C:\WINDOWS\System32\Ultra.dll ()
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (W8335XP) -- C:\WINDOWS\system32\drivers\MRV8335XP.sys (Marvell Semiconductor, Inc)
DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\recagent.sys (Smart Link)
DRV - (CBTNDIS5) -- C:\WINDOWS\system32\CBTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys ( )
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys ( )
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys ( )
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys ( )
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys ( )
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Vireo Software)
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (FA312) -- C:\WINDOWS\system32\drivers\FA312nd5.sys (NETGEAR Corp.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/23 21:02:40 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/09/08 22:26:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Programmi\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181300875687 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181300844156 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/19 22:08:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "ose"
MsConfig - Services: "NICSer_WPC54G"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "CCALib8"
MsConfig - Services: "BthServ"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Belkin Wireless Networking Utility.lnk - C:\Programmi\Belkin\F6D4050\v1\Belkinwcui.exe - (Belkin International, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Wireless-G Notebook Adapter.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Fran^Menu Avvio^Programmi^Esecuzione automatica^ERUNT AutoBackup.lnk - C:\Programmi\ERUNT\AUTOBACK.EXE - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ATIModeChange - hkey= - key= - File not found
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: eMuleAutoStart - hkey= - key= - C:\Programmi\eMule\emule.exe (http://www.emule-project.net)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Fran\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programmi\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programmi\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: RegDoctor - hkey= - key= - C:\Programmi\RegDoctor\RegDoctor.exe (RegDoctor)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Programmi\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Programmi\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendering grafica vettoriale (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Binding dati Dynamic HTML per Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Creazione avanzata
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classi Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Aggiornamento della protezione per Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Utilità di pianificazione
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/10/08 13:29:04 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fran\Desktop\OTL.exe
[2010/10/08 11:31:21 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/10/08 11:24:39 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Fran\Desktop\Rooter.exe
[2010/10/07 22:44:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fran\Desktop\TFC.exe
[2010/10/07 22:32:45 | 000,000,000 | ---D | C] -- C:\Programmi\ERUNT
[2010/10/05 23:30:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/10/03 16:25:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fran\Recent
[2010/09/22 14:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fran\Impostazioni locali\Dati applicazioni\Mozilla
[2010/09/17 16:30:26 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/17 16:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fran\Impostazioni locali\Dati applicazioni\Sunbelt Software
[2010/09/15 18:38:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/15 17:41:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it
[2010/09/10 15:09:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-it
[2010/09/10 15:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/09/09 22:56:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/08 22:20:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/08 22:17:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/08 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fran\Dati applicazioni\Malwarebytes
[2010/09/08 19:01:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 19:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/09/08 19:01:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 19:01:14 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/09/03 19:13:07 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2010/08/28 18:56:21 | 000,000,000 | ---D | C] -- C:\Programmi\Microsoft Security Essentials
[2010/08/26 19:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fran\Documenti\Downloads
[2010/08/26 18:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2010/08/18 12:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\CA
[2010/08/16 13:09:14 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/08/13 12:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2010/08/11 22:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/08/04 15:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Sun
[2010/08/04 14:45:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fran\IECompatCache
[2010/08/04 14:29:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fran\PrivacIE
[2010/08/04 14:22:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fran\IETldCache
[2010/08/04 14:19:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/08/04 14:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/08/04 14:13:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/21 18:17:17 | 000,000,000 | ---D | C] -- C:\Programmi\Windows Live Safety Center
[2007/03/19 23:12:09 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2003/04/24 19:20:00 | 000,521,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/04/24 19:20:00 | 000,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/04/24 19:19:00 | 001,295,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/04/24 19:19:00 | 000,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2003/04/24 19:19:00 | 000,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
========== Files - Modified Within 90 Days ==========
[2010/10/08 13:34:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Photosmart C4400 series.job
[2010/10/08 13:31:35 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1450960922-839522115-1004.job
[2010/10/08 13:31:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1450960922-839522115-1004.job
[2010/10/08 13:29:43 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fran\Desktop\OTL.exe
[2010/10/08 13:16:00 | 000,001,236 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1450960922-839522115-1004UA.job
[2010/10/08 12:45:01 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/08 12:38:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\gmer.zip
[2010/10/08 12:36:49 | 003,514,115 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\WVCheck.exe
[2010/10/08 12:29:22 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\CKScanner.exe
[2010/10/08 11:54:58 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\LockSearch.exe
[2010/10/08 11:25:06 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Fran\Desktop\Rooter.exe
[2010/10/08 11:10:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/08 11:10:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/07 23:34:28 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\Fran\ntuser.ini
[2010/10/07 23:34:27 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Fran\ntuser.dat
[2010/10/07 22:45:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fran\Desktop\TFC.exe
[2010/10/07 22:33:04 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\NTREGOPT.lnk
[2010/10/07 22:33:04 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\ERUNT.lnk
[2010/10/07 22:25:18 | 000,567,670 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/10/07 22:25:18 | 000,512,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 22:25:18 | 000,099,318 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/10/07 22:25:17 | 001,235,246 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/07 22:25:17 | 000,085,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 22:59:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 19:26:20 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\Microsoft Office Outlook 2003.lnk
[2010/10/01 19:16:00 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1450960922-839522115-1004Core.job
[2010/10/01 17:10:03 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/10/01 16:30:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/29 17:45:31 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/29 13:16:29 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\html.doc
[2010/09/28 16:21:23 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\HKEY_CURRENT_USER.reg
[2010/09/27 18:51:04 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\Nuovo Microsoft Word Document.doc
[2010/09/27 18:23:59 | 000,000,978 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/27 18:23:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/27 18:23:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/27 14:01:12 | 006,418,432 | ---- | M] () -- C:\Documents and Settings\Fran\ntuser.bak
[2010/09/24 23:03:29 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\HiJackThis.lnk
[2010/09/22 14:19:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/09/19 16:34:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\ben abroad.doc
[2010/09/17 16:30:25 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/16 16:34:55 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/13 23:05:16 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/13 22:06:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/09/13 22:06:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/09/11 13:54:17 | 000,046,392 | ---- | M] () -- C:\Documents and Settings\Fran\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/09/10 20:19:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9
[2010/09/10 14:54:43 | 000,251,600 | RHS- | M] () -- C:\ntldr
[2010/09/10 13:52:25 | 000,552,345 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\ProtectYourComputer.pdf
[2010/09/08 22:26:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/08 19:01:27 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 19:35:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/28 18:56:24 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/28 18:37:47 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/25 18:07:37 | 006,951,964 | -H-- | M] () -- C:\Documents and Settings\Fran\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/08/04 13:55:43 | 000,089,805 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\bookmarks.htm
[2010/08/04 13:49:27 | 000,090,471 | ---- | M] () -- C:\Documents and Settings\Fran\Documenti\bookmark.htm
[2010/07/15 11:57:49 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\Microsoft Office Access 2003.lnk
========== Files Created - No Company Name ==========
[2010/10/08 12:38:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\gmer.zip
[2010/10/08 12:36:31 | 003,514,115 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\WVCheck.exe
[2010/10/08 12:29:19 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\CKScanner.exe
[2010/10/08 11:53:34 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\LockSearch.exe
[2010/10/07 22:33:04 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\NTREGOPT.lnk
[2010/10/07 22:33:04 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\ERUNT.lnk
[2010/09/29 13:15:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\html.doc
[2010/09/28 16:21:22 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\HKEY_CURRENT_USER.reg
[2010/09/27 13:36:51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Fran\ntuser.tmp.LOG
[2010/09/25 10:49:43 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\Nuovo Microsoft Word Document.doc
[2010/09/22 14:19:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/19 16:33:34 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\ben abroad.doc
[2010/09/17 16:32:48 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/13 23:05:16 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/10 20:19:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ÿ9Ÿ9
[2010/09/10 13:52:25 | 000,552,345 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\ProtectYourComputer.pdf
[2010/09/09 14:06:41 | 006,418,432 | ---- | C] () -- C:\Documents and Settings\Fran\ntuser.bak
[2010/09/09 14:06:41 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Fran\ntuser.dat
[2010/09/08 22:20:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/08 22:20:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/08 19:01:27 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 19:13:12 | 000,002,423 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\HiJackThis.lnk
[2010/08/28 18:56:24 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/26 19:11:55 | 000,001,236 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1450960922-839522115-1004UA.job
[2010/08/26 19:11:54 | 000,001,184 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1450960922-839522115-1004Core.job
[2010/08/12 22:52:53 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1450960922-839522115-1004.job
[2010/08/04 13:55:42 | 000,089,805 | ---- | C] () -- C:\Documents and Settings\Fran\Desktop\bookmarks.htm
[2010/08/04 13:49:17 | 000,090,471 | ---- | C] () -- C:\Documents and Settings\Fran\Documenti\bookmark.htm
[2010/01/12 17:59:23 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/01/12 17:59:21 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/09/11 12:57:51 | 000,000,126 | ---- | C] () -- C:\WINDOWS\PRLTP_USBdrv.ini
[2009/03/12 20:29:10 | 005,645,312 | ---- | C] () -- C:\Programmi\USB PC Cam Plus.msi
[2009/03/12 20:29:10 | 000,031,744 | ---- | C] () -- C:\Programmi\1040.MST
[2009/03/12 20:29:10 | 000,005,186 | ---- | C] () -- C:\Programmi\0x0410.ini
[2009/02/14 15:23:10 | 000,000,022 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/21 19:10:42 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/12/21 19:10:36 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2008/12/12 22:40:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2008/05/23 00:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/23 00:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/23 00:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/23 00:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/09 22:44:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/06/02 14:40:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2007/05/05 13:05:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/03/27 23:04:57 | 000,000,103 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/23 19:11:53 | 000,004,654 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/21 22:39:47 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Fran\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/21 22:33:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/19 23:32:40 | 000,000,772 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/19 23:12:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2007/03/19 23:12:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2007/03/19 23:05:35 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2005/07/11 23:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/25 16:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/03/23 01:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/04/24 19:20:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/04/24 19:20:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/04/24 19:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/08/13 12:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2007/05/19 00:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\avg7
[2010/08/13 10:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/08/18 12:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CA
[2010/01/12 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\pdf995
[2008/06/11 23:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems
[2007/05/18 09:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fran\Dati applicazioni\AVG7
[2008/12/10 22:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fran\Dati applicazioni\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/11 19:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fran\Dati applicazioni\Hide IP NG
[2007/03/20 00:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fran\Dati applicazioni\LimeWire
[2007/04/05 14:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fran\Dati applicazioni\Ulead Systems
[2010/10/01 16:30:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/03/19 22:08:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/07 19:35:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/27 18:23:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2002/09/10 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2007/03/19 22:08:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/03/19 22:08:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/03/19 22:08:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/03/23 20:08:29 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/10 14:54:43 | 000,251,600 | RHS- | M] () -- C:\ntldr
[2010/10/08 11:10:08 | 804,298,752 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2010/09/13 22:06:17 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/12/17 19:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/03/12 20:34:26 | 000,005,186 | ---- | M] () -- C:\Programmi\0x0410.ini
[2009/03/12 20:34:32 | 000,031,744 | ---- | M] () -- C:\Programmi\1040.MST
[2009/03/12 20:34:36 | 005,645,312 | ---- | M] () -- C:\Programmi\USB PC Cam Plus.msi
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2007/03/19 21:52:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/03/19 21:52:12 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/03/19 21:52:12 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/13 22:09:11 | 000,000,181 | -HS- | M] () -- C:\Documents and Settings\Fran\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/03/19 22:48:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Fran\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Mostra Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/10/08 12:29:22 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\CKScanner.exe
[2010/10/08 11:54:58 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\LockSearch.exe
[2010/10/08 13:29:43 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fran\Desktop\OTL.exe
[2010/10/08 11:25:06 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Fran\Desktop\Rooter.exe
[2010/10/07 22:45:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fran\Desktop\TFC.exe
[2010/10/08 12:36:49 | 003,514,115 | ---- | M] () -- C:\Documents and Settings\Fran\Desktop\WVCheck.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/08 13:31:33 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Fran\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/27 17:48:40 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 19:14:14 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Programmi\Messenger\msmsgs.exe
[2002/08/20 17:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Messenger\msmsgsin.exe
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< %USERPROFILE%\Templates\*.tmp >
< %SYSTEMDRIVE%\explorexxx.exe\*.* >
< %Windir%\Installer\*.tmp >
[8 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
< %systemroot%\System32\*.xco >
< %ProgramFiles%\system32\*.* >
< %systemroot%\System32\windos\*.* >
< %SystemRoot%\system32\sandbox\*.* >
< %SystemRoot%\system32\*.amo >
< %SystemRoot%\system32\Windows Live\*.* >
< %ProgramFiles%\logs\*.* >
< %ProgramFiles%\Bifrost\*.* >
< %SystemRoot%\system32\*.goo >
< %systemroot%\system32\IME\*.* >
< %systemroot%\BackUp\*.* >
< %systemroot%\system32\*.ico >
[2007/05/18 20:09:16 | 000,001,406 | ---- | M] () -- C:\WINDOWS\system32\Help.ico
[2007/05/18 20:09:16 | 000,002,550 | ---- | M] () -- C:\WINDOWS\system32\Uninstall.ico
< %systemroot%\system\*.dat >
< %systemroot%\system\*.exe >
< %AppData%\Macromedia\Common\*.* >
< %SYSTEMDRIVE%\dir\*.* /s >
< %systemroot%\system32\ras\*.exe >
< %SYSTEMDRIVE%\MFILES\*.* >
< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >
< %systemroot%\system32\services\*.* >
< %systemroot%\Spooler\*.* >
< %ProgramFiles%\system32\*.* >
< %systemroot%\system32\Setup\*.dll /x >
< %systemroot%\system32\*.mine >
< %SYSTEMDRIVE%\cleansweep.exe\*.* >
< %systemroot%\system32\ras\*.dll >
< %systemroot%\system32\ras\*.drv >
< %systemroot%\*.iq >
< %systemroot%\system32\XP\*.* >
< %SYSTEMDRIVE%\Extracted\*.* >
< %systemroot%\system32\windows\*.* >
< %systemroot%\logs\*.* >
< %SYSTEMDRIVE%\Win.Msi\*.* >
< %systemroot%\regedit\*.* >
< %systemroot%\system32\skype\*.* >
< %AppData%\Adobe\dlluplwin25\*.* >
< %UserProfile%\*.dat >
[2010/10/07 23:34:27 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Fran\ntuser.dat
< %UserProfile%\*.dll >
< %systemroot%\system32\*.sxo >
< %SYSTEMDRIVE%\Gazma\*.* /s >
< %systemroot%\system32\spynet\*.* >
< %systemroot%\system32\System\*.* >
< %appdata%\Microsoft\Windows\*.* >
< %systemroot%\system32\WinDir\*.* >
< %systemroot%\_\*.* >
< %systemroot%\system32\windows32\*.* >
< %ProgramFiles%\win\*.* >
< %AppData%\Microsoft\CD Burning\*.* >
< %systemroot%\*.cab >
< %systemroot%\K.Backup\*.* >
< %ProgramFiles%\Massenger\*.* >
< %systemroot%\System32\*.doc >
< %systemroot%\Office12\*.* >
< %systemroot%\System32\Rundl32.exe\*.* >
< %ProgramFiles%\yahoo.net\*.* >
< %systemroot%\system32\*.igo >
< %systemroot%\*.rew >
< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
< %USERPROFILE%\.COMMgr\*.* >
< %USERPROFILE%\Desktop\*.bat >
< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
< %PROGRAMFILES%\Internet Explorer\*.Jmp >
< %PROGRAMFILES%\Windows NT\system\*.dll >
< %systemroot%\system32\*.ext >
< %systemroot%\system32\Com\*.cfg >
< %systemroot%\system32\btz\*.* >
< %systemroot%\system32\EMP\*.* >
< %systemroot%\system32\expo\*.* >
< %systemroot%\system32\inet2\*.* >
< %systemroot%\system32\xrem\*.* >
< %ProgramFiles%\Microsoft\*.* >
< %systemroot%\usgwmt\*.* >
< %ProgramFiles%\B\*.* >
< %SYSTEMDRIVE%\lspp\*.* >
< %systemroot%\Kral\*.* >
< %SYSTEMDRIVE%\windowsdvd.exe\*.* >
< %systemroot%\system32\*.ipo >
< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >
< %systemroot%\system32\*.mof >
< %systemroot%\*.atm >
< %systemroot%\system32\svhost\*.* >
< %ProgramFiles%\system32\*.* >
< %ProgramFiles%\Docmentt\*.* >
< %systemroot%\Help\*.vbs >
< %ProgramFiles%\Windows WinSxs\*.* /s >
< %ProgramFiles%\Outlook Express\IDT\*.* /s >
< %ProgramFiles%\Microsoft Office\365\*.* /s >
< %ProgramFiles%\Windows Live\*.* >
< %systemroot%\system32\win32\*.* >
< %SYSTEMDRIVE%\RECYCLER\*.* >
< %systemroot%\Fresh1\*.* >
< %ProgramFiles%\Kekj\*.* /s >
< %systemroot%\GDU\*.* >
< %systemroot%\KA\*.* >
< %systemroot%\R\*.* >
< %systemroot%\system32\*.fyo >
< %USERPROFILE%\System\*.* >
< %systemroot%\Source\*.* >
< %systemroot%\system32\ac\*.* >
< %ProgramFiles%\MSDN\*.* >
< %AppData%\AdobeUM\winvcldll54\*.* /s >
< %ProgramFiles%\Internet Explorer\*.ico >
< %systemroot%\system32\*.ojo >
< %systemroot%\system32\d323s\*.* >
< %systemroot%\system32\re\*.* >
< %UserProfile%\Microsoft\*.dll >
< %UserProfile%\Microsoft\*.log >
< %systemroot%\Bios\*.* >
< %ProgramFiles%\Spool\*.* >
< %ProgramFiles%\promp3\*.* >
< %SYSTEMDRIVE%\Driver\*.* /s >
< %SYSTEMDRIVE%\inetserver.exe\*.* >
< %systemroot%\java\trustlib\*.* >
< %ProgramFiles%\Common Files\designer\*.exe >
< %ProgramFiles%\*. >
[2008/07/04 21:53:33 | 000,000,000 | ---D | M] -- C:\Programmi\AC3File
[2008/07/04 21:57:51 | 000,000,000 | ---D | M] -- C:\Programmi\AC3Filter
[2010/09/13 23:02:39 | 000,000,000 | ---D | M] -- C:\Programmi\Adobe
[2008/12/12 14:55:27 | 000,000,000 | ---D | M] -- C:\Programmi\Adobe(2)
[2008/12/12 14:46:58 | 000,000,000 | ---D | M] -- C:\Programmi\Adobe(3)
[2007/03/29 13:18:51 | 000,000,000 | ---D | M] -- C:\Programmi\Ahead
[2008/12/12 14:58:06 | 000,000,000 | ---D | M] -- C:\Programmi\Apple Software Update
[2007/03/23 17:21:06 | 000,000,000 | ---D | M] -- C:\Programmi\ArtisanDVDPlayer
[2009/09/14 18:37:18 | 000,000,000 | ---D | M] -- C:\Programmi\Belkin
[2007/05/11 14:37:45 | 000,000,000 | ---D | M] -- C:\Programmi\BHODemon 2
[2007/08/19 21:11:15 | 000,000,000 | ---D | M] -- C:\Programmi\Canon
[2009/10/17 11:52:09 | 000,000,000 | ---D | M] -- C:\Programmi\CCleaner
[2007/03/19 22:03:26 | 000,000,000 | ---D | M] -- C:\Programmi\ComPlus Applications
[2009/02/26 00:33:43 | 000,000,000 | ---D | M] -- C:\Programmi\CramMaster
[2008/06/08 19:53:05 | 000,000,000 | ---D | M] -- C:\Programmi\DivX
[2009/09/30 14:40:56 | 000,000,000 | ---D | M] -- C:\Programmi\eMule
[2010/10/07 22:33:19 | 000,000,000 | ---D | M] -- C:\Programmi\ERUNT
[2010/09/08 22:24:19 | 000,000,000 | ---D | M] -- C:\Programmi\File comuni
[2009/02/01 12:49:10 | 000,000,000 | ---D | M] -- C:\Programmi\Freeware PDF Unlocker
[2009/11/14 22:51:34 | 000,000,000 | ---D | M] -- C:\Programmi\Google
[2007/03/20 23:42:49 | 000,000,000 | ---D | M] -- C:\Programmi\Hewlett-Packard
[2010/04/12 14:03:56 | 000,000,000 | ---D | M] -- C:\Programmi\Hide My IP
[2009/09/15 19:44:34 | 000,000,000 | ---D | M] -- C:\Programmi\HP
[2009/09/14 18:37:14 | 000,000,000 | -H-D | M] -- C:\Programmi\InstallShield Installation Information
[2007/03/19 23:09:45 | 000,000,000 | ---D | M] -- C:\Programmi\Intel
[2010/09/16 12:04:34 | 000,000,000 | ---D | M] -- C:\Programmi\Internet Explorer
[2010/09/13 21:38:33 | 000,000,000 | ---D | M] -- C:\Programmi\Java
[2008/12/13 21:49:03 | 000,000,000 | ---D | M] -- C:\Programmi\Lead Pursuit
[2010/09/08 19:01:30 | 000,000,000 | ---D | M] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/09/15 23:36:40 | 000,000,000 | ---D | M] -- C:\Programmi\Messenger
[2007/10/12 19:09:21 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft ActiveSync
[2007/03/19 22:08:11 | 000,000,000 | ---D | M] -- C:\Programmi\microsoft frontpage
[2008/11/04 13:28:30 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft Office
[2010/08/28 18:57:15 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft Security Essentials
[2007/04/27 20:52:10 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft Works
[2007/04/25 22:25:53 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft Works Suite 2003
[2007/10/12 19:09:32 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft.NET
[2010/09/16 11:59:33 | 000,000,000 | ---D | M] -- C:\Programmi\Movie Maker
[2010/04/09 16:47:45 | 000,000,000 | ---D | M] -- C:\Programmi\MSBuild
[2008/11/04 13:28:06 | 000,000,000 | ---D | M] -- C:\Programmi\MSECache
[2007/03/19 22:02:43 | 000,000,000 | ---D | M] -- C:\Programmi\MSN
[2007/03/19 22:02:27 | 000,000,000 | ---D | M] -- C:\Programmi\MSN Gaming Zone
[2009/09/16 17:04:54 | 000,000,000 | ---D | M] -- C:\Programmi\MSXML 4.0
[2010/04/09 16:41:11 | 000,000,000 | ---D | M] -- C:\Programmi\MSXML 6.0
[2010/09/15 17:33:52 | 000,000,000 | ---D | M] -- C:\Programmi\NetMeeting
[2010/04/11 18:51:18 | 000,000,000 | ---D | M] -- C:\Programmi\OpenVPN
[2010/09/15 23:31:12 | 000,000,000 | ---D | M] -- C:\Programmi\Outlook Express
[2007/05/27 00:28:34 | 000,000,000 | ---D | M] -- C:\Programmi\Panicware
[2008/12/01 01:01:46 | 000,000,000 | ---D | M] -- C:\Programmi\Pass4Side
[2009/02/08 00:29:00 | 000,000,000 | ---D | M] -- C:\Programmi\Pass4sure
[2010/09/22 14:56:35 | 000,000,000 | ---D | M] -- C:\Programmi\PcBugDoctor
[2009/09/11 12:58:00 | 000,000,000 | ---D | M] -- C:\Programmi\Pirelli
[2007/05/27 00:28:33 | 000,000,000 | ---D | M] -- C:\Programmi\PopupPopper
[2008/12/12 14:58:04 | 000,000,000 | ---D | M] -- C:\Programmi\QuickTime
[2010/05/23 21:01:58 | 000,000,000 | ---D | M] -- C:\Programmi\Real
[2007/03/22 23:09:52 | 000,000,000 | ---D | M] -- C:\Programmi\RealVNC
[2010/04/09 16:47:27 | 000,000,000 | ---D | M] -- C:\Programmi\Reference Assemblies
[2008/12/12 22:33:00 | 000,000,000 | ---D | M] -- C:\Programmi\RegDoctor
[2007/03/19 22:06:28 | 000,000,000 | ---D | M] -- C:\Programmi\Servizi in linea
[2007/05/07 14:10:37 | 000,000,000 | ---D | M] -- C:\Programmi\Skype
[2010/07/06 19:17:06 | 000,000,000 | ---D | M] -- C:\Programmi\SpeedFan
[2010/09/03 19:13:07 | 000,000,000 | ---D | M] -- C:\Programmi\Trend Micro
[2010/04/08 11:47:32 | 000,000,000 | ---D | M] -- C:\Programmi\UltraVPN
[2007/03/19 22:48:42 | 000,000,000 | -H-D | M] -- C:\Programmi\Uninstall Information
[2007/03/19 23:05:34 | 000,000,000 | ---D | M] -- C:\Programmi\VIA Technologies, Inc
[2010/08/18 13:18:22 | 000,000,000 | ---D | M] -- C:\Programmi\Windows Live Safety Center
[2007/04/05 14:41:26 | 000,000,000 | ---D | M] -- C:\Programmi\Windows Media Components
[2007/12/08 21:26:32 | 000,000,000 | ---D | M] -- C:\Programmi\Windows Media Connect 2
[2010/09/15 17:33:44 | 000,000,000 | ---D | M] -- C:\Programmi\Windows Media Player
[2010/09/15 17:33:42 | 000,000,000 | ---D | M] -- C:\Programmi\Windows NT
[2007/03/20 23:34:39 | 000,000,000 | -H-D | M] -- C:\Programmi\WindowsUpdate
[2008/12/12 20:51:10 | 000,000,000 | ---D | M] -- C:\Programmi\WinRAR
[2007/03/19 22:08:11 | 000,000,000 | ---D | M] -- C:\Programmi\xerox
[2009/10/13 13:35:07 | 000,000,000 | ---D | M] -- C:\Programmi\Yahoo!
< %systemroot%\system32\*.tso >
< %ALLUSERSPROFILE%\Documents\Server\*.* >
< %systemroot%\*.pif >
[2002/09/10 14:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif
< %systemroot%\system32\n7533\*.* >
< %systemroot%\Us18336\*.* >
< %systemroot%\system32\*.zip >
< %systemroot%\system32\*.wgo >
< %ProgramFiles%\Microsoft Office\OFFICE11\*.* >
[2002/11/29 19:03:34 | 000,001,652 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\ACCESS.PIP
[2010/05/21 09:51:38 | 000,165,712 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\ACCWIZ.DLL
[2003/07/12 15:07:42 | 006,438,912 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\ACWZDAT.MDT
[2007/03/21 00:06:08 | 001,728,512 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\ACWZLIB.MDE
[2007/03/21 00:06:10 | 005,533,696 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\ACWZMAIN.MDE
[2003/07/12 15:07:44 | 002,359,296 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\ACWZUSR.MDT
[2007/03/22 19:07:56 | 000,091,488 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\ADDRPARS.DLL
[2007/04/19 15:10:18 | 000,045,920 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\AUTHZAX.DLL
[2007/03/22 20:29:56 | 000,099,160 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\AW.DLL
[2002/07/29 16:32:10 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\BIDI32.DLL
[2007/04/19 15:07:38 | 000,066,400 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\BLNMGR.DLL
[2007/04/19 15:07:34 | 000,052,064 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\BLNMGRPS.DLL
[2007/03/22 20:06:08 | 000,355,168 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\CDLMSO.DLL
[1999/01/15 15:20:40 | 000,112,351 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\CLIPPIT.ACG
[1999/01/15 15:20:42 | 002,904,417 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\CLIPPIT.ACS
[2008/08/11 12:52:46 | 000,080,392 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\DLGSETP.DLL
[1999/01/15 15:20:14 | 000,032,191 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\DOT.ACG
[2007/03/22 20:23:32 | 000,019,800 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\DSITF.DLL
[2007/05/10 14:44:02 | 000,121,688 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\DSSM.EXE
[2008/01/14 21:51:06 | 000,137,736 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\ENVELOPE.DLL
[2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE
[2003/03/20 00:23:56 | 000,001,652 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\EXCEL.PIP
[2005/03/01 15:27:48 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\EXCHCSP.DLL
[2009/12/11 13:50:58 | 000,079,660 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\EXLPRTID.XML
[2009/06/15 16:43:00 | 000,350,024 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\EXSEC32.DLL
[1999/01/15 15:20:42 | 000,162,709 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\F1.ACG
[2007/03/22 20:06:34 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\FINDER.EXE
[2007/06/06 13:46:12 | 001,961,312 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\FPCUTL.DLL
[2007/04/19 15:15:26 | 000,192,344 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\FPDTC.DLL
[2009/06/22 21:14:58 | 001,700,168 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\GDIPLUS.DLL
[2007/04/19 14:57:32 | 002,152,792 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\GRAPH.EXE
[1998/12/08 20:53:54 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\HLP95EN.DLL
[2007/04/19 15:10:30 | 000,116,576 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\IEAWSDC.DLL
[2008/02/06 22:33:38 | 000,127,496 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\IMPMAIL.DLL
[2007/03/20 19:35:08 | 000,000,619 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\INTLBAND.HTM
[2007/03/22 20:25:44 | 000,067,424 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\INTLDATE.DLL
[1999/01/15 15:20:46 | 000,127,537 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\LOGO.ACG
[2007/04/19 15:00:16 | 000,103,256 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MCPS.DLL
[2007/12/14 19:46:54 | 000,182,792 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MIMEDIR.DLL
[2007/03/22 19:06:46 | 000,033,120 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MLSHEXT.DLL
[1999/01/15 15:20:46 | 000,104,616 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\MNATURE.ACG
[2003/07/30 13:35:36 | 000,422,456 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSACC.OLB
[2010/01/14 17:53:24 | 006,700,888 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSACCESS.EXE
[2007/01/16 21:32:54 | 000,136,032 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSAEXP30.DLL
[1997/07/11 01:00:00 | 000,003,819 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\MSCAL.CNT
[2002/09/17 07:47:36 | 000,000,335 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\MSCAL.DEP
[1997/07/11 16:37:00 | 000,068,359 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\MSCAL.HLP
[2007/03/22 20:15:56 | 000,120,152 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSCAL.OCX
[2007/03/22 20:16:44 | 000,134,496 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSJSPP40.DLL
[2000/04/03 14:13:40 | 000,003,638 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\MSN.ICO
[2007/04/19 15:10:34 | 000,127,840 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOAUTH.DLL
[2007/03/22 20:04:52 | 000,109,912 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOCF.DLL
[2007/03/22 20:04:52 | 000,130,912 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOCFU.DLL
[2007/03/22 20:29:22 | 000,031,072 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\MSODCW.DLL
[2003/07/14 23:52:58 | 000,067,128 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOHEV.DLL
[2007/04/19 15:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOHTMED.EXE
[2007/04/19 15:07:24 | 000,036,192 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOSTYLE.DLL
[2007/04/19 15:07:32 | 000,045,408 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOSVFBR.DLL
[2007/03/22 20:08:34 | 000,203,104 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOUTL.OLB
[2003/04/09 17:20:56 | 000,001,900 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\MSOUTLO.PIP
[2000/11/09 11:49:16 | 001,200,177 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSOWCW.DLL
[2007/03/22 20:05:32 | 000,251,224 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSPPT.OLB
[2007/03/22 20:15:52 | 000,076,128 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSRTEDIT.DLL
[2007/04/19 15:00:30 | 000,637,792 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSTORDB.EXE
[2007/04/19 15:00:22 | 000,130,912 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSTORE.EXE
[2007/04/19 15:00:30 | 000,489,824 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSTORES.DLL
[2001/01/23 13:41:10 | 000,831,562 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSUSP.DLL
[2007/04/19 15:09:02 | 000,157,024 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSWEBCAP.DLL
[2007/03/22 20:05:50 | 000,668,000 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MSWORD.OLB
[2003/03/04 17:57:20 | 000,141,952 | ---- | M] (Microsoft) -- C:\Programmi\Microsoft Office\OFFICE11\MULTIMGR.DLL
[2001/01/29 21:03:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\MULTIQ.DLL
[2007/04/19 15:10:26 | 000,080,216 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\NAME.DLL
[2001/01/23 12:15:48 | 000,001,696 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISECHS.TXT
[2001/01/23 12:15:48 | 000,001,696 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISECHT.TXT
[2001/01/23 12:15:50 | 000,149,848 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISEDEU.TXT
[2001/01/23 12:15:50 | 000,000,755 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISEENG.TXT
[2001/01/23 12:15:50 | 000,000,755 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISEENU.TXT
[2001/01/23 12:15:50 | 000,019,684 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISEESN.TXT
[2001/01/23 12:15:50 | 000,049,196 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISEFRA.TXT
[2001/01/23 12:15:50 | 000,019,618 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISEITA.TXT
[2001/01/23 12:15:50 | 000,002,060 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISEJPN.TXT
[2001/01/23 12:15:50 | 000,001,486 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISEKOR.TXT
[2001/01/23 12:15:50 | 000,000,745 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISENEU.TXT
[2001/01/23 12:15:50 | 000,013,256 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISENLD.TXT
[2001/01/23 12:15:50 | 000,013,730 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISESVE.TXT
[2001/01/23 12:15:50 | 000,000,697 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\NOISETHA.TXT
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\NPOFFICE.DLL
[1999/01/15 15:20:46 | 000,136,869 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\OFFCAT.ACG
[2007/03/22 20:06:22 | 000,287,576 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OIS.EXE
[2003/04/25 18:27:54 | 000,000,420 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\OIS.PIP
[2007/04/19 14:50:52 | 000,837,472 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OISAPP.DLL
[2007/03/22 20:06:08 | 000,046,432 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\oisctrl.dll
[2007/03/22 20:06:22 | 000,245,600 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OISGRAPH.DLL
[2007/11/19 20:38:52 | 000,236,040 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OLKFSTUB.DLL
[2009/12/11 13:50:58 | 000,079,692 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\OLKPRTID.XML
[2007/04/19 15:09:46 | 001,061,720 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OMFC.DLL
[2003/07/12 04:59:46 | 000,016,504 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\OPW11USR.INI
[2007/04/19 14:52:16 | 000,030,560 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLACCT.DLL
[2009/08/05 10:45:04 | 000,106,312 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\OUTLCTL.DLL
[2010/07/29 12:29:38 | 003,609,408 | ---- | M] (Microsoft Corp.) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLFLTR.DAT
[2005/11/04 14:36:46 | 000,307,440 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLFLTR.DLL
[2010/05/20 15:19:18 | 007,627,608 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLLIB.DLL
[2009/04/10 16:47:34 | 000,102,744 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLMIME.DLL
[2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
[2007/11/19 20:38:32 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLPH.DLL
[2009/02/09 21:28:22 | 000,066,904 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLRPC.DLL
[2007/04/19 13:52:54 | 000,050,016 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLVBS.DLL
[2007/03/22 20:07:28 | 000,052,576 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OUTLWAB.DLL
[2007/04/19 15:10:32 | 000,648,544 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OWSCLT.DLL
[2007/04/19 15:10:18 | 000,099,680 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\OWSSUPP.DLL
[2010/04/17 00:14:14 | 006,418,776 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\POWERPNT.EXE
[2003/03/20 00:23:38 | 000,001,532 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\POWERPOI.PIP
[2009/12/11 13:50:58 | 000,079,716 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\PPTPRTID.XML
[2010/01/14 17:48:00 | 001,790,808 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\PPTVIEW.EXE
[2007/03/22 20:18:32 | 000,116,576 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\PROFLWIZ.EXE
[2007/03/22 19:07:10 | 000,041,824 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\RECALL.DLL
[2003/03/25 12:45:28 | 000,005,974 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\REFBAR.ICO
[2003/03/25 12:45:28 | 000,005,974 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\REFBARH.ICO
[2007/06/06 13:07:40 | 000,100,192 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\REFEDIT.DLL
[2007/04/19 15:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL
[2003/02/19 14:05:30 | 000,108,800 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\REMINDER.WAV
[2002/12/14 00:30:44 | 000,002,664 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\RESETO11.OPS
[1999/01/15 15:20:14 | 000,123,149 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\ROCKY.ACG
[2007/03/22 20:09:02 | 000,394,080 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\RTFHTML.DLL
[2007/03/22 20:25:58 | 000,218,456 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\SAEXT.DLL
[2007/03/22 20:07:40 | 000,069,984 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\SENDTO.DLL
[2007/04/19 15:10:20 | 000,065,888 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\SEQCHK10.DLL
[2007/04/19 15:04:10 | 000,390,496 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\SETLANG.EXE
[2003/06/02 13:58:08 | 000,262,216 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\SMSW.CHM
[2007/05/10 14:42:52 | 000,450,392 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\SOA.DLL
[2007/05/10 14:42:52 | 002,839,904 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\STSLIST.DLL
[2007/04/19 15:10:28 | 000,185,696 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\STSUPLD.DLL
[2007/03/22 20:25:44 | 000,079,200 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\UCSCRIBE.DLL
[2002/10/30 13:21:18 | 000,246,424 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\UNICOWS.DLL
[2001/01/23 12:46:56 | 000,013,576 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\USPDAT10.XML
[2001/01/23 12:46:58 | 000,113,911 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\USPMAP.XML
[2001/01/23 12:46:56 | 000,167,035 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\USPTYPES.XML
[2008/04/15 21:13:57 | 000,479,232 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\UTILITY.MDA
[2003/04/02 12:21:12 | 000,111,632 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\WAVTOASF.EXE
[2003/01/13 16:04:18 | 000,092,752 | ---- | M] (Indicus Pvt. Ltd for Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\WDBIMP.DLL
[2010/06/23 17:07:02 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
[2003/06/06 12:25:46 | 000,001,764 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\WORD.PIP
[2002/12/02 16:54:08 | 000,001,532 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\WORDMAIL.PIP
[2009/12/11 13:51:00 | 000,079,676 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\WRDPRTID.XML
[2000/09/27 12:27:48 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\WWPAB.CNV
[2000/03/07 23:45:34 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\XL5EN32.OLB
[1999/12/09 22:21:30 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\OFFICE11\XLCALL32.DLL
[2003/05/29 13:22:08 | 000,010,217 | ---- | M] () -- C:\Programmi\Microsoft Office\OFFICE11\XML2WORD.XSL
< %systemroot%\system32\dllcache\*.com >
< %systemroot%\system32\dllchache\*.* >
< %systemroot%\system32\038840\*.* >
< %systemroot%\system32\13E92A\*.* >
< %systemroot%\system32\1CB5AD\*.* >
< %systemroot%\system32\52682A\*.* >
< %USERPROFILE%\My Documents\*.htm >
< %SYSTEMDRIVE%\Mr_CF\*.* >
< %USERPROFILE%\My Documents\*.dll >
< %USERPROFILE%\My Documents\*.ccc >
< %systemroot%\system32\Sis\*.* >
< %systemroot%\Microsft\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-07 21:37:20
< End of report >
_____________________________________________________________________________________________________
Windows Validation Check
Version: 1.8.8.3
Log Created On: 1237_08-10-2010
-----------------------
Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2010-10-07 20:54:50
Last Success Time for Update Download: 2010-10-08 09:16:59
Last Success Time for Update Installation: 2010-10-07 21:37:20
WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------
WVCheck's File Dump
-----------------------
WVCheck found no known bad files.
WVCheck's Dir Dump
-----------------------
WVCheck found no known bad files.
WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.
WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.
WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.
WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - fa94696c0727bd59e517c674cd6e7c72
-------- End of File, program close at 1237_08-10-2010 --------
______________________________________________________________________________________________________
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-08 13:20:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Fran\IMPOST~1\Temp\agpiyaoc.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158307c65a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158307c65a@0024034c5deb 0xB0 0x50 0x53 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307c65a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307c65a@0024034c5deb 0xB0 0x50 0x53 0x23 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158307c65a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158307c65a@0024034c5deb 0xB0 0x50 0x53 0x23 ...
---- EOF - GMER 1.0.15 ----
______________________________________________________________________________________________________________________