Solved: No boot, "maximum number of secrets that may be stored in a single system has exceeded"

Millerr

It seems to be similar to this post,
but in my case the PC stops at startup after login and I cannot open Task Manager or do anything else.
If I reinstall Windows XP Home over it, it boots, but after 3-4 reboots it stops itself again after login with that error and I need to reinstall Windows XP Home again!!
After reinstalling Windows I ran GMER and Avira; the logs are below:

GMER-----------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-17 14:48:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 MAXTOR_STM3160813AS rev.MC1J
Running: 28yeg7yn.exe; Driver: C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\ugnyqaod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\nvrd32.sys entry point in ".rsrc" section [0xBA745014]
? C:\WINDOWS\system32\drivers\nvrd32.sys suspicious PE modification
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9D9B360, 0x30ACA7, 0xE8000020]
? system32\DRIVERS\avipbb.sys Impossibile trovare il percorso specificato. !

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 896E9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 896E9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 896E9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 896E9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 896E9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-19 896E9AEA

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00000528 \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 894C6140
Device \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskMAXTOR_STM3160813AS_____________________MC1J____#5&358a0873&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB35434$\1716420808 0 bytes
File C:\WINDOWS\$NtUninstallKB35434$\2295856450 0 bytes
File C:\WINDOWS\$NtUninstallKB35434$\2295856450\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB35434$\2295856450\L 0 bytes
File C:\WINDOWS\$NtUninstallKB35434$\2295856450\L\ulzdefva 96104 bytes
File C:\WINDOWS\$NtUninstallKB35434$\2295856450\U 0 bytes
File C:\WINDOWS\system32\drivers\nvrd32.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

AVIRA----------

Avira AntiVir Personal
Data del file di report: sabato 17 dicembre 2011 13:44

Ricerca di 3573361 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : USERXP-9E715B09

Informazioni sulla versione:
BUILD.DAT : 9.0.0.25 21699 Bytes 18/10/10 14:31:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19/11/09 15:34:43
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/09 10:14:29
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/09 10:35:56
LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/09 10:15:14
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/09 15:34:43
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/10 14:15:41
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/11 14:23:07
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/11 13:19:38
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/11 13:17:55
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07/07/11 16:22:42
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/11 13:44:39
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05/10/11 12:54:37
VBASE008.VDF : 7.11.18.32 2132992 Bytes 24/11/11 14:10:44
VBASE009.VDF : 7.11.18.33 2048 Bytes 24/11/11 14:10:45
VBASE010.VDF : 7.11.18.34 2048 Bytes 24/11/11 14:10:45
VBASE011.VDF : 7.11.18.35 2048 Bytes 24/11/11 14:10:45
VBASE012.VDF : 7.11.18.36 2048 Bytes 24/11/11 14:10:48
VBASE013.VDF : 7.11.18.89 204800 Bytes 28/11/11 08:57:18
VBASE014.VDF : 7.11.18.145 143872 Bytes 01/12/11 13:56:56
VBASE015.VDF : 7.11.18.180 173056 Bytes 02/12/11 13:56:48
VBASE016.VDF : 7.11.18.208 164864 Bytes 05/12/11 09:49:27
VBASE017.VDF : 7.11.18.239 177152 Bytes 06/12/11 09:49:30
VBASE018.VDF : 7.11.19.36 171520 Bytes 09/12/11 14:20:30
VBASE019.VDF : 7.11.19.77 144896 Bytes 13/12/11 14:08:27
VBASE020.VDF : 7.11.19.78 2048 Bytes 13/12/11 14:08:27
VBASE021.VDF : 7.11.19.79 2048 Bytes 13/12/11 14:08:27
VBASE022.VDF : 7.11.19.80 2048 Bytes 13/12/11 14:08:27
VBASE023.VDF : 7.11.19.81 2048 Bytes 13/12/11 14:08:27
VBASE024.VDF : 7.11.19.82 2048 Bytes 13/12/11 14:08:28
VBASE025.VDF : 7.11.19.83 2048 Bytes 13/12/11 14:08:28
VBASE026.VDF : 7.11.19.84 2048 Bytes 13/12/11 14:08:28
VBASE027.VDF : 7.11.19.85 2048 Bytes 13/12/11 14:08:28
VBASE028.VDF : 7.11.19.86 2048 Bytes 13/12/11 14:08:28
VBASE029.VDF : 7.11.19.87 2048 Bytes 13/12/11 14:08:28
VBASE030.VDF : 7.11.19.88 2048 Bytes 13/12/11 14:08:28
VBASE031.VDF : 7.11.19.112 175104 Bytes 14/12/11 21:37:49
Motore : 8.2.8.2
AEVDF.DLL : 8.1.2.2 106868 Bytes 25/10/11 16:30:13
AESCRIPT.DLL : 8.1.3.90 491899 Bytes 09/12/11 08:21:44
AESCN.DLL : 8.1.7.2 127349 Bytes 23/11/10 15:03:55
AESBX.DLL : 8.2.4.5 434549 Bytes 02/12/11 13:56:55
AERDL.DLL : 8.1.9.15 639348 Bytes 10/09/11 07:08:24
AEPACK.DLL : 8.2.15.1 770423 Bytes 13/12/11 14:08:30
AEOFFICE.DLL : 8.1.2.23 201083 Bytes 13/12/11 14:08:29
AEHEUR.DLL : 8.1.3.6 3895670 Bytes 09/12/11 08:21:43
AEHELP.DLL : 8.1.18.0 254327 Bytes 25/10/11 16:30:02
AEGEN.DLL : 8.1.5.17 405877 Bytes 09/12/11 08:21:39
AEEMU.DLL : 8.1.3.0 393589 Bytes 23/11/10 15:03:46
AECORE.DLL : 8.1.24.0 196983 Bytes 25/10/11 16:30:00
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/10 13:13:51
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/08 07:48:02
AVPREF.DLL : 9.0.3.0 44289 Bytes 28/09/09 07:16:32
AVREP.DLL : 10.0.0.9 174120 Bytes 07/03/11 07:43:44
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/08 14:25:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/09 14:05:45
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/09 09:37:12
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/09 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/09 07:21:38
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/08 14:41:28
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/09 13:11:50
RCTEXT.DLL : 9.0.73.0 87809 Bytes 19/11/09 15:34:42

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, E:, F:, G:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio

Avvio della scansione: sabato 17 dicembre 2011 13:44

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Non è stato possibile inizializzare il driver.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'mmc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'rundll32.exe' - '1' modulo(i) scansionato(i)
Scansione processo '08221.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Documents and Settings\Proprietario\Dati applicazioni\2C2A3\08221.exe'
Scansione processo '0A7.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'HP1006MC.EXE' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE'
Scansione processo 'IDriveEBackground.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'IDriveETray.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'soffice.bin' - '1' modulo(i) scansionato(i)
Scansione processo 'msiexec.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'soffice.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ctfmon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'rundll32.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'jusched.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'LogMeInSystray.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'nvraidservice.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lvvm.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'explorer.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'rundll32.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'wmiapsrv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'nvsvc32.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\WINDOWS\system32\nvsvc32.exe'
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'LogMeIn.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Programmi\LogMeIn\x86\LogMeIn.exe'
Scansione processo 'ramaint.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Programmi\LogMeIn\x86\RaMaint.exe'
Scansione processo 'LMIGuardianSvc.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe'
Scansione processo 'jqs.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Programmi\Java\jre6\bin\jqs.exe'
Scansione processo 'IDriveWebM.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Programmi\IDrive\IDriveWebM.exe'
Scansione processo 'IDriveE Service.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Programmi\IDrive\IDriveE Service.exe'
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '1' modulo(i) scansionato(i)
Il modulo è infetto -> 'C:\Programmi\Avira\AntiVir Desktop\sched.exe'
Scansione processo 'spoolsv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '1' modulo(i) scansionato(i)
Il processo '08221.exe' verrà terminato
Il processo 'HP1006MC.EXE' verrà terminato
Il processo 'nvsvc32.exe' verrà terminato
Il processo 'LogMeIn.exe' verrà terminato
Il processo 'ramaint.exe' verrà terminato
Il processo 'LMIGuardianSvc.exe' verrà terminato
Il processo 'jqs.exe' verrà terminato
Il processo 'IDriveWebM.exe' verrà terminato
Il processo 'IDriveE Service.exe' verrà terminato
Il processo 'sched.exe' verrà terminato
C:\Documents and Settings\Proprietario\Dati applicazioni\2C2A3\08221.exe
[RILEVAMENTO] Contiene il modello di rilevamento del programma backdoor (pericoloso) BDS/Cycbot.176128.70
[NOTA] Il file è stato spostato in quarantena con il nome '4f1e8f17.qua'!
Catched Exception in SCAN_ProcessList
ACCESS_VIOLATION
EAX = 00000000 EBX = 00000000
ECX = 00000128 EDX = 00469224
ESI = 00469214 EDI = 00000000
EIP = 7C92B1FA EBP = 01D0FD3C
ESP = 01D0FCC8 Flg = 00010246
CS = 00000023 SS = 0000001B

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!
Record master di avvio dell'Hard Disk 1
[INFO] Nessun virus è stato trovato!
Record master di avvio dell'Hard Disk 2
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'E:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'F:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'G:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):

Il registro è stato scansionato ( 52 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\Documents and Settings\Proprietario\Dati applicazioni\Sun\Java\Deployment\cache\6.0\55\2c14dcf7-349ab32a
[0] Tipo di archivio: ZIP
--> json/Parser.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/Java.Dldr.A
--> json/XML.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0840.FL
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\80000000.@
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Sirefef.D.1
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\800000cb.@
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\800000cf.@
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Sirefef.S
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.24292
C:\Programmi\Avira\AntiVir Desktop\sched.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
C:\Programmi\Avira\AntiVir Desktop\update.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
C:\Programmi\IDrive\IDriveE Service.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
C:\Programmi\IDrive\IDriveWebM.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
C:\Programmi\Java\jre6\bin\jqs.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.25211.23
C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
C:\Programmi\LogMeIn\x86\LogMeIn.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
C:\Programmi\LogMeIn\x86\ramaint.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
C:\System Volume Information\_restore{8F534C33-CFCC-4DB4-8780-4F9592E8E2B4}\RP0\A0000007.exe
[RILEVAMENTO] Contiene il modello di rilevamento del programma backdoor (pericoloso) BDS/Cycbot.176128.70
C:\WINDOWS\1123932040:1999110845.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.XPACK.Gen
C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
C:\WINDOWS\system32\c_59112.nl_
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
C:\WINDOWS\system32\nvsvc32.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
C:\WINDOWS\system32\drivers\avipbb.sys
[RILEVAMENTO] Contiene il modello di rilevamento del Rootkit RKIT/ZAccess.EA
C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
Inizia con la scansione di 'E:\' <Volume>
Inizia con la scansione di 'F:\'
F:\WINDOWS\system32\drivers\nvrd32.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Patched.Gen
Inizia con la scansione di 'G:\' <Volume>

Avvio della disinfezione:
C:\Documents and Settings\Proprietario\Dati applicazioni\Sun\Java\Deployment\cache\6.0\55\2c14dcf7-349ab32a
[NOTA] Il file è stato spostato in quarantena con il nome '4f1d9ac7.qua'!
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\80000000.@
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Sirefef.D.1
[NOTA] Il file è stato spostato in quarantena con il nome '4f1c9a94.qua'!
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\800000cb.@
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
[NOTA] Il file è stato spostato in quarantena con il nome '4b9f94dd.qua'!
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\88d7fd42\U\800000cf.@
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Sirefef.S
[NOTA] Il file è stato spostato in quarantena con il nome '4b9abf35.qua'!
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.24292
[NOTA] Il file è stato spostato in quarantena con il nome '4f539ada.qua'!
C:\Programmi\Avira\AntiVir Desktop\sched.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[AVVISO] Si è verificato un errore nel tentativo di creare una copia di backup e il file non è stato cancellato. Numero errore: 26003
[AVVISO] Impossibile eliminare il file!
[NOTA] Si sta tentando di eseguire l'azione con l'aiuto della ARK Library.
[NOTA] Non è stato possibile inizializzare il driver.
[NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
C:\Programmi\Avira\AntiVir Desktop\update.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[NOTA] Il file è stato spostato in quarantena con il nome '4f509ae7.qua'!
C:\Programmi\IDrive\IDriveE Service.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[AVVISO] Si è verificato un errore nel tentativo di creare una copia di backup e il file non è stato cancellato. Numero errore: 26003
[AVVISO] Impossibile eliminare il file!
[NOTA] Si sta tentando di eseguire l'azione con l'aiuto della ARK Library.
[AVVISO] Errore nella ARK Library
[NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
C:\Programmi\IDrive\IDriveWebM.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[NOTA] Il file è stato spostato in quarantena con il nome '4f5e9acd.qua'!
C:\Programmi\Java\jre6\bin\jqs.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.25211.23
[NOTA] Il file è stato spostato in quarantena con il nome '4f5f9afa.qua'!
C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[NOTA] Il file è stato spostato in quarantena con il nome '4f359ad6.qua'!
C:\Programmi\LogMeIn\x86\LogMeIn.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[NOTA] Il file è stato spostato in quarantena con il nome '4f539af8.qua'!
C:\Programmi\LogMeIn\x86\ramaint.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[NOTA] Il file è stato spostato in quarantena con il nome '4f599aea.qua'!
C:\System Volume Information\_restore{8F534C33-CFCC-4DB4-8780-4F9592E8E2B4}\RP0\A0000007.exe
[RILEVAMENTO] Contiene il modello di rilevamento del programma backdoor (pericoloso) BDS/Cycbot.176128.70
[NOTA] Il file è stato spostato in quarantena con il nome '4f1c9ab9.qua'!
C:\WINDOWS\1123932040:1999110845.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.XPACK.Gen
[NOTA] Il file è stato spostato in quarantena con il nome '4f1e9aba.qua'!
C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
[NOTA] Il file è stato spostato in quarantena con il nome '4f5f9aef.qua'!
C:\WINDOWS\system32\c_59112.nl_
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
[NOTA] Il file è stato spostato in quarantena con il nome '4f219ae9.qua'!
C:\WINDOWS\system32\nvsvc32.exe
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[NOTA] Il file è stato spostato in quarantena con il nome '4f5f9b00.qua'!
C:\WINDOWS\system32\drivers\avipbb.sys
[RILEVAMENTO] Contiene il modello di rilevamento del Rootkit RKIT/ZAccess.EA
[NOTA] Il file è stato spostato in quarantena con il nome '4f559b00.qua'!
C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[AVVISO] Si è verificato un errore nel tentativo di creare una copia di backup e il file non è stato cancellato. Numero errore: 26003
[AVVISO] Impossibile eliminare il file!
[NOTA] Si sta tentando di eseguire l'azione con l'aiuto della ARK Library.
[NOTA] Non è stato possibile inizializzare il driver.
[NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
F:\WINDOWS\system32\drivers\nvrd32.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Patched.Gen
[NOTA] Il file è stato spostato in quarantena con il nome '4f5e9b04.qua'!


Fine della scansione: sabato 17 dicembre 2011 14:35
Tempo impiegato: 43:39 Minuto(i)

La scansione è stata completamente eseguita.

6352 Directory scansionate
653409 I file sono stati scansionati
34 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
19 File spostati in quarantena
0 File rinominati
1 Impossibile scansionare i file
653374 File non infetti
18923 Archivi scansionati
5 Avvisi
23 Note

Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Before your reply I performed some of the steps reported in the other topics, and I think I removed the rootkit; the internet is also working. But it is still asking me for the Windows CD, and when I put it in it says it is wrong; another popup also asks me for a file, startup.msi, which I don't know what it is.

Anyway, I attach the requested log, which seems to be clean:

18:15:57.0453 1108 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:15:57.0453 1108 NetBT - ok
18:15:57.0515 1108 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:15:57.0515 1108 Npfs - ok
18:15:57.0640 1108 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:15:57.0687 1108 Ntfs - ok
18:15:57.0828 1108 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:15:57.0828 1108 Null - ok
18:15:58.0015 1108 nv (430f3783943c61b1cd7010fe84df3674) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:15:58.0156 1108 nv - ok
18:15:58.0312 1108 NVENETFD (d875346596bd48d74ac9b9be791b8d69) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:15:58.0328 1108 NVENETFD - ok
18:15:58.0484 1108 nvgts (4bc4baaed05161e0d331627e90a10745) C:\WINDOWS\system32\DRIVERS\nvgts.sys
18:15:58.0484 1108 nvgts - ok
18:15:58.0734 1108 nvnetbus (f02c1c5e84c37667ecd3eea5958449bc) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:15:58.0734 1108 nvnetbus - ok
18:15:58.0906 1108 nvrd32 (77ac69ac4f07bd9d29528b8fcc71fb49) C:\WINDOWS\system32\DRIVERS\nvrd32.sys
18:15:59.0140 1108 nvrd32 - ok
18:15:59.0203 1108 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
18:15:59.0203 1108 nvsmu - ok
18:15:59.0328 1108 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:15:59.0328 1108 NwlnkFlt - ok
18:15:59.0406 1108 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:15:59.0406 1108 NwlnkFwd - ok
18:15:59.0531 1108 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
18:15:59.0531 1108 Parport - ok
18:15:59.0671 1108 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:15:59.0687 1108 PartMgr - ok
18:15:59.0765 1108 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:15:59.0765 1108 ParVdm - ok
18:15:59.0875 1108 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
18:15:59.0890 1108 PCI - ok
18:16:00.0015 1108 PCIDump - ok
18:16:00.0109 1108 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:16:00.0109 1108 PCIIde - ok
18:16:00.0156 1108 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:16:00.0171 1108 Pcmcia - ok
18:16:00.0203 1108 PDCOMP - ok
18:16:00.0218 1108 PDFRAME - ok
18:16:00.0234 1108 PDRELI - ok
18:16:00.0343 1108 PDRFRAME - ok
18:16:00.0421 1108 perc2 - ok
18:16:00.0531 1108 perc2hib - ok
18:16:00.0796 1108 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:16:00.0796 1108 PptpMiniport - ok
18:16:00.0984 1108 Processor (b479f50e883b2297a5f7f212aaee6f6c) C:\WINDOWS\system32\DRIVERS\processr.sys
18:16:00.0984 1108 Processor - ok
18:16:01.0250 1108 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:16:01.0437 1108 PSched - ok
18:16:01.0531 1108 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:16:01.0531 1108 Ptilink - ok
18:16:01.0593 1108 ql1080 - ok
18:16:01.0609 1108 Ql10wnt - ok
18:16:01.0625 1108 ql12160 - ok
18:16:01.0640 1108 ql1240 - ok
18:16:01.0750 1108 ql1280 - ok
18:16:01.0812 1108 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:16:01.0812 1108 RasAcd - ok
18:16:01.0859 1108 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
18:16:01.0875 1108 Rasirda - ok
18:16:02.0000 1108 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:16:02.0000 1108 Rasl2tp - ok
18:16:02.0109 1108 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:16:02.0109 1108 RasPppoe - ok
18:16:02.0218 1108 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:16:02.0218 1108 Raspti - ok
18:16:02.0359 1108 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:16:02.0359 1108 Rdbss - ok
18:16:02.0484 1108 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:16:02.0484 1108 RDPCDD - ok
18:16:02.0625 1108 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:16:02.0625 1108 RDPWD - ok
18:16:02.0765 1108 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:16:02.0765 1108 redbook - ok
18:16:02.0921 1108 RT73 (abdc839bd1c53f9c17449b10221cb942) C:\WINDOWS\system32\DRIVERS\rt73.sys
18:16:03.0203 1108 RT73 - ok
18:16:03.0296 1108 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:16:03.0296 1108 rtl8139 - ok
18:16:03.0484 1108 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:16:03.0500 1108 Secdrv - ok
18:16:03.0656 1108 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:16:03.0656 1108 serenum - ok
18:16:03.0875 1108 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
18:16:03.0890 1108 Serial - ok
18:16:03.0984 1108 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:16:03.0984 1108 Sfloppy - ok
18:16:04.0000 1108 Simbad - ok
18:16:04.0046 1108 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
18:16:04.0062 1108 snapman - ok
18:16:04.0140 1108 Sparrow - ok
18:16:04.0171 1108 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:16:04.0171 1108 splitter - ok
18:16:04.0281 1108 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
18:16:04.0281 1108 sr - ok
18:16:04.0437 1108 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
18:16:04.0437 1108 Srv - ok
18:16:04.0546 1108 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:16:04.0578 1108 ssmdrv - ok
18:16:04.0750 1108 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:16:04.0750 1108 swenum - ok
18:16:04.0859 1108 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:16:04.0859 1108 swmidi - ok
18:16:05.0078 1108 symc810 - ok
18:16:05.0140 1108 symc8xx - ok
18:16:05.0312 1108 sym_hi - ok
18:16:05.0390 1108 sym_u3 - ok
18:16:05.0593 1108 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:16:05.0750 1108 sysaudio - ok
18:16:05.0906 1108 Tcpip (accf5a9a1ffaa490f33dba1c632b95e1) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:16:05.0921 1108 Tcpip - ok
18:16:06.0015 1108 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:16:06.0015 1108 TDPIPE - ok
18:16:06.0093 1108 tdrpman255 (dc1ba6e904491a46124cb90c401e8a31) C:\WINDOWS\system32\DRIVERS\tdrpm255.sys
18:16:06.0125 1108 tdrpman255 - ok
18:16:06.0218 1108 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:16:06.0218 1108 TDTCP - ok
18:16:06.0296 1108 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:16:06.0296 1108 TermDD - ok
18:16:06.0406 1108 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
18:16:06.0437 1108 timounter - ok
18:16:06.0531 1108 TosIde - ok
18:16:06.0562 1108 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:16:06.0578 1108 Udfs - ok
18:16:06.0671 1108 ultra - ok
18:16:06.0781 1108 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:16:06.0781 1108 Update - ok
18:16:06.0968 1108 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:16:06.0968 1108 usbccgp - ok
18:16:07.0062 1108 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:16:07.0062 1108 usbehci - ok
18:16:07.0093 1108 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:16:07.0093 1108 usbhub - ok
18:16:07.0265 1108 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:16:07.0265 1108 usbohci - ok
18:16:07.0468 1108 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:16:07.0468 1108 usbprint - ok
18:16:07.0578 1108 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:16:07.0593 1108 usbscan - ok
18:16:07.0812 1108 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:16:08.0046 1108 usbstor - ok
18:16:08.0078 1108 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:16:08.0078 1108 VgaSave - ok
18:16:08.0218 1108 ViaIde - ok
18:16:08.0281 1108 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
18:16:08.0296 1108 VolSnap - ok
18:16:08.0437 1108 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:16:08.0437 1108 Wanarp - ok
18:16:08.0500 1108 WDICA - ok
18:16:08.0562 1108 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:16:08.0562 1108 wdmaud - ok
18:16:08.0765 1108 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:16:08.0765 1108 WmiAcpi - ok
18:16:08.0875 1108 MBR (0x1B8) (68afb480099dfdd51e473480e1984666) \Device\Harddisk0\DR0
18:16:08.0937 1108 \Device\Harddisk0\DR0 - ok
18:16:08.0968 1108 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk1\DR1
18:16:09.0125 1108 \Device\Harddisk1\DR1 - ok
18:16:09.0140 1108 MBR (0x1B8) (32eba9799b6c4e5cc5fe2819db3410f4) \Device\Harddisk2\DR6
18:16:09.0234 1108 \Device\Harddisk2\DR6 - ok
18:16:09.0250 1108 Boot (0x1200) (f260bdd73ef999711cc1312e368bc4f7) \Device\Harddisk0\DR0\Partition0
18:16:09.0250 1108 \Device\Harddisk0\DR0\Partition0 - ok
18:16:09.0265 1108 Boot (0x1200) (f6b2e41cac266b03644c688360675cf1) \Device\Harddisk0\DR0\Partition1
18:16:09.0265 1108 \Device\Harddisk0\DR0\Partition1 - ok
18:16:09.0281 1108 Boot (0x1200) (f260bdd73ef999711cc1312e368bc4f7) \Device\Harddisk1\DR1\Partition0
18:16:09.0281 1108 \Device\Harddisk1\DR1\Partition0 - ok
18:16:09.0296 1108 Boot (0x1200) (f6b2e41cac266b03644c688360675cf1) \Device\Harddisk1\DR1\Partition1
18:16:09.0328 1108 \Device\Harddisk1\DR1\Partition1 - ok
18:16:09.0328 1108 ============================================================
18:16:09.0328 1108 Scan finished
18:16:09.0328 1108 ============================================================
18:16:09.0343 2376 Detected object count: 0
18:16:09.0343 2376 Actual detected object count: 0
 
I performed some of the steps reported in the other topics
Never do this. Every computer is unique.
One of my rules says:
Please refrain from running tools or applying updates other than those I suggest.
What tools did you run?
 
Note that the pc has a RAID 1 with two HDD
  1. ANTIVIRUS RAN - NO DETECTION
  2. MALWAREBYTES RAN - LOG ATTACHED
  3. GMER RAN - LOG ATTACHED
  4. DDS RAN - LOG ATTACHED


-----------------------------------------------MALWAREBYTES-----------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8392

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18/12/11 11.33.31
mbam-log-2011-12-18 (11-33-31).txt

Scan type: Quick scan
Objects scanned: 199444
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F71A6FF3-40A9-4258-8F9A-09B671C20DC3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F71A6FF3-40A9-4258-8F9A-09B671C20DC3}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------------------------------------------------GMER--------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-18 16:40:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e MAXTOR_STM3160813AS rev.MC1J
Running: 28yeg7yn.exe; Driver: C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\ugnyqaod.sys


---- System - GMER 1.0.15 ----

SSDT BAED8F94 ZwClose
SSDT BAED8F4E ZwCreateKey
SSDT BAED8F9E ZwCreateSection
SSDT BAED8F44 ZwCreateThread
SSDT BAED8F53 ZwDeleteKey
SSDT BAED8F5D ZwDeleteValueKey
SSDT BAED8F8F ZwDuplicateObject
SSDT BAED8F62 ZwLoadKey
SSDT BAED8F30 ZwOpenProcess
SSDT BAED8F35 ZwOpenThread
SSDT BAED8FB7 ZwQueryValueKey
SSDT BAED8F6C ZwReplaceKey
SSDT BAED8FA8 ZwRequestWaitReplyPort
SSDT BAED8F67 ZwRestoreKey
SSDT BAED8FA3 ZwSetContextThread
SSDT BAED8FAD ZwSetSecurityObject
SSDT BAED8F58 ZwSetValueKey
SSDT BAED8FB2 ZwSystemDebugControl
SSDT BAED8F3F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9B5B360, 0x30ACA7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\mbr \Device\mbr B5330CDE
Device \Driver\usbstor -> DriverStartIo \Device\0000008c BAB71F26
Device \Driver\usbstor \Device\0000008c BAB75218
Device \Driver\usbstor -> DriverStartIo \Device\0000008d BAB71F26
Device \Driver\usbstor \Device\0000008d BAB75218

AttachedDevice \FileSystem\Fastfat \Fat tdrpm255.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

-------------------------------------------------DDS---------------------------------------------------


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
Run by Proprietario at 16:40:59 on 2011-12-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1197 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\IDrive\IDriveETray.exe
C:\Programmi\IDrive\IDriveEBackground.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmi\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmi\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\programmi\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [IDriveE Startup] "c:\programmi\idrive\IDrvieEStartup.exe" Hide
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [LogMeIn GUI] "c:\programmi\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TrueImageMonitor.exe] c:\programmi\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Servizio Acronis Scheduler2] "c:\programmi\file comuni\acronis\schedule2\schedhlp.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\programmi\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\programmi\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmi\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\propri~1\menuav~1\progra~1\esecuz~1\idrive~1.lnk - c:\programmi\idrive\IDriveEReg2ini.exe
StartupFolder: c:\docume~1\propri~1\menuav~1\progra~1\esecuz~1\openof~1.lnk - c:\programmi\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\hpdigi~1.lnk - c:\programmi\hp\digital imaging\bin\hpqtra08.exe
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmi\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
TCP: Interfaces\{1075E897-72EB-4152-9465-C62A3D48C185} : NameServer = 192.168.1.1
TCP: Interfaces\{8E9D5849-E3FA-4BA3-8918-A671EB975336} : NameServer = 192.168.1.1
TCP: Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11} : DhcpNameServer = 192.168.1.1
Notify: LMIinit - LMIinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\proprietario\dati applicazioni\mozilla\firefox\profiles\8bd13loh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - plugin: c:\documents and settings\proprietario\dati applicazioni\mozilla\firefox\profiles\8bd13loh.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [2011-12-17 911552]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-17 36000]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmi\file comuni\acronis\cdp\afcdpsrv.exe [2011-12-17 2326920]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-12-17 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2011-12-17 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-11 74640]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-11 47640]
R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2011-12-18 366152]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-12-17 159168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-18 22216]
S2 IDriveE Service;IDriveE Service;"c:\programmi\idrive\idrivee service.exe" --> c:\programmi\idrive\IDriveE Service.exe [?]
S2 IDriveWebM;IDrive WebManager;"c:\programmi\idrive\idrivewebm.exe" --> c:\programmi\idrive\IDriveWebM.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-12-18 10:19:17 -------- d-----w- c:\documents and settings\proprietario\dati applicazioni\Malwarebytes
2011-12-18 10:01:19 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes
2011-12-18 10:01:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 10:01:14 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-12-17 17:00:03 -------- d-----w- c:\documents and settings\proprietario\dati applicazioni\Avira
2011-12-17 16:59:28 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-17 16:59:27 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Avira
2011-12-17 16:57:43 23776 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-12-17 16:57:43 18656 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-12-17 16:57:43 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-12-17 16:57:41 15584 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-12-17 16:57:41 15584 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-12-17 16:24:42 -------- d-----w- c:\programmi\msn gaming zone
2011-12-17 16:17:17 -------- d-----w- c:\windows\system32\dllcache
2011-12-17 16:15:50 16384 ----a-w- c:\programmi\internet explorer\connection wizard\isignup.exe
2011-12-17 16:13:10 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2011-12-17 16:13:10 29696 ----a-w- c:\windows\system32\irmon.dll
2011-12-17 16:13:10 152576 ----a-w- c:\windows\system32\irftp.exe
2011-12-17 16:13:09 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-12-17 15:36:53 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-12-17 15:35:14 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2011-12-17 15:33:52 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-12-17 15:33:52 13312 ----a-w- c:\windows\system32\irclass.dll
2011-12-17 15:33:40 16825 ----a-r- c:\windows\SET46.tmp
2011-12-17 15:33:38 1089138 ----a-r- c:\windows\SET2D.tmp
2011-12-17 15:33:37 1246366 ----a-r- c:\windows\SET27.tmp
2011-12-17 14:49:59 -------- d-sha-r- C:\cmdcons
2011-12-17 14:49:12 -------- d-----w- C:\bbhbh
2011-12-17 14:41:57 1826624 ----a-w- c:\windows\system32\auto_reactivate.exe
2011-12-17 14:41:34 -------- d-----r- C:\bootwiz
2011-12-17 14:37:05 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-17 14:37:01 911552 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
2011-12-17 14:36:59 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-17 14:36:55 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-17 14:36:45 -------- d-----w- c:\programmi\file comuni\Acronis
2011-12-17 14:24:18 -------- d-----w- c:\windows\system32\wbem\snmp
2011-12-17 14:24:16 -------- d-----w- c:\windows\system32\xircom
2011-12-17 13:56:29 98816 ----a-w- c:\windows\sed.exe
2011-12-17 13:56:29 518144 ----a-w- c:\windows\SWREG.exe
2011-12-17 13:56:29 256000 ----a-w- c:\windows\PEV.exe
2011-12-17 13:56:29 208896 ----a-w- c:\windows\MBR.exe
2011-12-17 12:07:58 16825 ----a-r- c:\windows\SET66.tmp
2011-12-17 12:07:56 1089138 ----a-r- c:\windows\SET51.tmp
2011-12-17 12:07:54 1246366 ----a-r- c:\windows\SET45.tmp
2011-12-14 22:39:41 16825 ----a-r- c:\windows\SET55.tmp
2011-12-14 22:39:39 1089138 ----a-r- c:\windows\SET3F.tmp
2011-12-14 22:39:38 1246366 ----a-r- c:\windows\SET33.tmp
2011-12-14 22:33:20 16825 ----a-r- c:\windows\SET48.tmp
2011-12-14 22:33:18 1089138 ----a-r- c:\windows\SET30.tmp
2011-12-14 22:33:17 1246366 ----a-r- c:\windows\SET2A.tmp
2011-12-14 21:52:35 -------- d-----w- C:\ClamWinPortable
2011-12-14 21:29:06 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-12-14 21:13:38 16825 ----a-r- c:\windows\SET34.tmp
2011-12-14 21:13:36 1089138 ----a-r- c:\windows\SET28.tmp
2011-12-14 21:13:35 1246366 ----a-r- c:\windows\SET25.tmp
2011-12-14 21:06:35 16825 ----a-r- c:\windows\SET32.tmp
2011-12-14 21:06:33 1089138 ----a-r- c:\windows\SET26.tmp
2011-12-14 21:06:32 1246366 ----a-r- c:\windows\SET23.tmp
2011-12-14 13:11:15 -------- d-----w- c:\programmi\A3306
2011-12-14 13:10:41 -------- d-----w- c:\documents and settings\proprietario\dati applicazioni\2C2A3
2011-12-03 17:19:38 -------- d-----w- c:\documents and settings\all users\dati applicazioni\WEBREG
2011-12-03 17:17:40 -------- d-----w- c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\HP
2011-12-03 17:11:29 -------- d-----w- c:\programmi\file comuni\HP
2011-12-03 17:11:26 -------- d-----w- c:\programmi\file comuni\Hewlett-Packard
2011-12-03 17:11:10 -------- d-----w- c:\windows\hpoj4500g510n-z
2011-12-03 17:07:58 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-12-03 17:07:41 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-12-03 17:05:21 316928 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp092.dll
2011-12-03 17:05:20 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2011-12-03 17:05:19 452408 ----a-r- c:\windows\system32\hpzids01.dll
2011-12-03 17:04:56 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-12-03 17:02:51 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2011-12-03 17:02:51 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-12-03 17:02:50 593920 ----a-r- c:\windows\system32\hpwtscl5.dll
2011-12-03 17:02:50 315392 ----a-r- c:\windows\system32\hpwvst01.dll
2011-12-03 17:02:49 716288 ----a-r- c:\windows\system32\hpwwiax9.dll
2011-12-03 17:02:48 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-11-20 10:13:33 27264 ------w- c:\windows\system32\drivers\rndismpk.sys
2011-11-20 10:13:33 11136 ------w- c:\windows\system32\drivers\usb8023k.sys
2011-11-20 10:13:33 -------- d-----w- c:\programmi\USB Remote NDIS Network Device
2011-11-20 10:11:38 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2011-11-20 10:11:38 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
.
==================== Find3M ====================
.
2011-12-17 14:23:56 116736 ----a-w- c:\windows\system32\drivers\nvrd32.sys
2011-12-07 17:22:16 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-07 17:22:08 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-12-07 17:22:00 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-07 17:21:58 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-11-27 19:42:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 07:19:58 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-10-10 07:19:57 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
============= FINISH: 16.41.16,00 ===============
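The Malwarebytes log above is the one finding of substance in these reports: the per-interface `NameServer` / `DhcpNameServer` registry values had been pointed at two public resolvers, which is exactly the footprint of a DNS-changing trojan, and the later DDS `TCP:` lines show them back on the router (192.168.1.1). The script below is an added example, not part of the thread or of either tool; it parses those two log formats, lists the rogue resolvers and affected interface GUIDs, and flags any interface whose resolver is still outside the private address ranges after cleanup. The sample log text is constructed from the values posted in the thread.

```python
"""Audit DNS-resolver registry entries reported by Malwarebytes and DDS logs.

Added example for this thread; it is not code from Malwarebytes, DDS or the
forum.  The sample log text is constructed from the lines posted above.
"""
import ipaddress
import re

# Constructed sample: the "Registry Data Items Infected" section of the
# Malwarebytes log posted in the thread.
MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F71A6FF3-40A9-4258-8F9A-09B671C20DC3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F71A6FF3-40A9-4258-8F9A-09B671C20DC3}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.162.84,93.188.161.224) Good: () -> Quarantined and deleted successfully.
"""

# Constructed sample: the "TCP:" lines of the DDS log taken after the cleanup.
DDS_LOG = r"""
TCP: Interfaces\{1075E897-72EB-4152-9465-C62A3D48C185} : NameServer = 192.168.1.1
TCP: Interfaces\{8E9D5849-E3FA-4BA3-8918-A671EB975336} : NameServer = 192.168.1.1
TCP: Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11} : DhcpNameServer = 192.168.1.1
"""

# One Malwarebytes "Registry Data Items Infected" line for a Tcpip interface key.
MBAM_RE = re.compile(
    r"^HKEY_\S*?\\Interfaces\\\{(?P<guid>[0-9A-Fa-f-]+)\}\\(?P<value>\w+)"
    r" \((?P<detection>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)",
    re.MULTILINE,
)

# One DDS "TCP: Interfaces\{GUID} : Value = servers" line.
DDS_RE = re.compile(
    r"^TCP: Interfaces\\\{(?P<guid>[0-9A-Fa-f-]+)\} : (?P<value>\w+) = (?P<servers>.+)$",
    re.MULTILINE,
)


def _split_servers(field):
    """NameServer values may be comma-, semicolon- or space-separated."""
    return [s for s in re.split(r"[,;\s]+", field.strip()) if s]


def is_private_resolver(ip_text):
    """True for RFC 1918, loopback and link-local addresses (a home router such as 192.168.1.1)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def parse_mbam_dns_findings(log_text):
    """One record per quarantined NameServer/DhcpNameServer value in a Malwarebytes log."""
    return [
        {
            "guid": m["guid"].upper(),
            "value": m["value"],
            "detection": m["detection"],
            "bad": _split_servers(m["bad"]),
            "good": _split_servers(m["good"]),
        }
        for m in MBAM_RE.finditer(log_text)
    ]


def parse_dds_resolvers(log_text):
    """One record per interface resolver line in a DDS log."""
    return [
        {"guid": m["guid"].upper(), "value": m["value"], "servers": _split_servers(m["servers"])}
        for m in DDS_RE.finditer(log_text)
    ]


def audit_resolvers(records, key="servers"):
    """Return (guid, value, [non-private resolvers]) for every record that still points outside the LAN."""
    suspicious = []
    for r in records:
        public = [ip for ip in r[key] if not is_private_resolver(ip)]
        if public:
            suspicious.append((r["guid"], r["value"], public))
    return suspicious


def summarize(mbam_text, dds_text):
    """Rogue resolvers and interfaces seen before cleanup, and anything still suspicious after it."""
    before = parse_mbam_dns_findings(mbam_text)
    after = parse_dds_resolvers(dds_text)
    return {
        "rogue_resolvers": sorted({ip for f in before for ip in f["bad"]}),
        "infected_interfaces": sorted({f["guid"] for f in before}),
        "still_suspicious": audit_resolvers(after),
    }


if __name__ == "__main__":
    for k, v in summarize(MBAM_LOG, DDS_LOG).items():
        print(f"{k}: {v}")
```

Run as-is it prints the two rogue resolvers, the two interface GUIDs they were bound to, and an empty `still_suspicious` list, because every resolver in the post-cleanup DDS lines is the router. The same `audit_resolvers` check can be run with `key="bad"` over the Malwarebytes records to confirm that every quarantined value did in fact point at a public address rather than at a legitimate LAN resolver.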
 
I still need Attach.txt part of DDS.

Then...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Please give me some hours for ComboFix; in the meantime I post DDS and aswMBR.

------------------Attach.txt part of DDS---------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 17/12/11 17.17.35
System Uptime: 19/12/11 12.30.40 (20 hours ago)
.
Motherboard: ASRock | | ALiveNF7G-GLAN
Processor: AMD Sempron(tm) Processor LE-1250 | CPUSocket | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 56,71 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 81 GiB total, 66,928 GiB free.
F: is FIXED (NTFS) - 68 GiB total, 60,922 GiB free.
G: is FIXED (NTFS) - 81 GiB total, 79,471 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Officejet 4500 G510n-z
Device ID: USB\VID_03F0&PID_2E12&MI_00\6&376FB3B0&0&0000
Manufacturer: Hewlett-Packard
Name: Officejet 4500 G510n-z
PNP Device ID: USB\VID_03F0&PID_2E12&MI_00\6&376FB3B0&0&0000
Service: usbscan
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Officejet 4500 G510n-z (DOT4USB)
Device ID: USB\VID_03F0&PID_2E12&MI_02\6&376FB3B0&0&0002
Manufacturer: Hewlett-Packard
Name: Officejet 4500 G510n-z (DOT4USB)
PNP Device ID: USB\VID_03F0&PID_2E12&MI_02\6&376FB3B0&0&0002
Service: HPZius12
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV054C\4&266E55D&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV054C\4&266E55D&0&00
Service: NVENETFD
.
==== System Restore Points ===================
.
RP1: 17/12/11 17.25.09 - Punto di arresto del sistema
RP2: 17/12/11 17.47.20 - Avira AntiVir Personal - 17/12/11 17.47
RP3: 17/12/11 17.47.55 - LogMeIn rimosso
RP4: 17/12/11 17.56.48 - LogMeIn installato
RP5: 18/12/11 18.53.59 - Punto di arresto del sistema
RP6: 19/12/11 19.35.12 - Punto di arresto del sistema
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acronis True Image Home
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 - Italiano
AMD Processor Driver
Avira Free Antivirus
BufferChm
CMDialog ActiveX Control DLL
Destinations
DeviceDiscovery
DocMgr
DocProc
Fax
GPBaseService2
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HPProductAssistant
IDrive version 3.3.0 August 31, 2009
Java Auto Updater
Java(TM) 6 Update 19
LogMeIn
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Common Controls 2 ActiveX Control DLL
Microsoft Component Category Manager Library
Microsoft Internet Transfer Control DLL
Microsoft OLE 2.40 for Windows NT(TM) and Windows 95(TM) Operating Systems
Microsoft Standard Data Formating Object DLL
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Winsock Control DLL
Microsoft XML Parser
MilleGPG 1.3.0330
Millewin vers. 13.38
Mozilla Firefox 8.0.1 (x86 it)
MSMAPI Controls
MSXML 4.0 SP2 Parser and SDK
Network
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
OpenOffice.org 3.1
Ralink Wireless LAN Card
Realtek High Definition Audio Driver
Scan
SmartWebPrinting
SOAP SDK Files
SOAP SDK ISAPI Files
SolutionCenter
Status
TABCTL32 OLE Control DLL
Toolbox
TrayApp
USB Remote NDIS Network Device
WebFldrs XP
WebReg
Windows Common Controls ActiveX Control DLL
WinRAR gestione archivi
.
==== End Of File ===========================


-------------------------------------------------------------------------

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-19 07:02:31
-----------------------------
07:02:31.281 OS Version: Windows 5.1.2600 Service Pack 3
07:02:31.281 Number of processors: 1 586 0x7F02
07:02:31.296 ComputerName: USERXP-9E715B09 UserName: Proprietario
07:02:32.906 Initialize success
07:05:20.156 AVAST engine defs: 11121801
07:07:41.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
07:07:41.046 Disk 0 Vendor: MAXTOR_STM3160813AS MC1J Size: 152627MB BusType: 3
07:07:41.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
07:07:41.062 Disk 1 Vendor: MAXTOR_STM3160215AS 4.AAB Size: 152627MB BusType: 3
07:07:41.078 Disk 0 MBR read successfully
07:07:41.078 Disk 0 MBR scan
07:07:41.125 Disk 0 unknown MBR code
07:07:41.125 Disk 0 scanning sectors +312576705
07:07:41.203 Disk 0 scanning C:\WINDOWS\system32\drivers
07:07:55.578 Service scanning
07:07:56.781 Modules scanning
07:08:08.609 Disk 0 trace - called modules:
07:08:08.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
07:08:09.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bbaab8]
07:08:09.140 3 CLASSPNP.SYS[ba8c8fd7] -> nt!IofCallDriver -> \Device\00000071[0x89bbb3b8]
07:08:09.140 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89c11d98]
07:08:09.687 AVAST engine scan C:\WINDOWS
07:08:40.609 AVAST engine scan C:\WINDOWS\system32
07:12:08.796 AVAST engine scan C:\WINDOWS\system32\drivers
07:12:24.875 AVAST engine scan C:\Documents and Settings\Proprietario
07:14:40.968 AVAST engine scan C:\Documents and Settings\All Users
07:15:12.937 Scan finished successfully
07:20:34.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Proprietario\Desktop\MBR.dat"
07:20:34.578 The log file has been saved successfully to "C:\Documents and Settings\Proprietario\Desktop\aswMBR.txt"
 
ComboFix 11-12-20.01 - Proprietario 20/12/11 14.49.26.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1791.1196 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-20 al 2011-12-20 )))))))))))))))))))))))))))))))))))
.
.
2011-12-20 07:32 . 2011-12-20 07:33 -------- d-----w- c:\windows\LastGood
2011-12-19 15:08 . 2011-12-20 08:37 -------- d-----w- c:\documents and settings\LogMeInRemoteUser.USERXP-9E715B09
2011-12-18 10:19 . 2011-12-18 10:19 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Malwarebytes
2011-12-18 10:01 . 2011-12-18 10:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-12-18 10:01 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 10:01 . 2011-12-18 10:01 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-12-17 17:00 . 2011-12-17 17:00 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Avira
2011-12-17 16:59 . 2011-12-19 17:01 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-17 16:59 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-17 16:59 . 2011-12-17 16:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2011-12-17 16:57 . 2009-08-06 18:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-12-17 16:57 . 2009-08-06 18:23 23776 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-12-17 16:57 . 2009-08-06 18:23 18656 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-12-17 16:57 . 2009-08-06 18:23 15584 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-12-17 16:57 . 2009-08-06 18:23 15584 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-12-17 16:17 . 2011-12-20 07:33 -------- d-----w- c:\windows\system32\dllcache
2011-12-17 16:15 . 2004-08-19 12:00 16384 ----a-w- c:\programmi\Internet Explorer\Connection Wizard\isignup.exe
2011-12-17 16:13 . 2008-04-13 18:14 152576 ----a-w- c:\windows\system32\irftp.exe
2011-12-17 16:13 . 2008-04-13 18:13 29696 ----a-w- c:\windows\system32\irmon.dll
2011-12-17 16:13 . 2008-04-13 10:54 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2011-12-17 16:13 . 2008-04-13 18:13 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-12-17 15:36 . 2008-04-13 08:35 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-12-17 15:35 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2011-12-17 15:33 . 2004-08-19 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-12-17 15:33 . 2004-08-19 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-12-17 15:33 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET46.tmp
2011-12-17 15:33 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET2D.tmp
2011-12-17 15:33 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET27.tmp
2011-12-17 14:49 . 2011-12-17 14:54 -------- d-----w- C:\bbhbh
2011-12-17 14:41 . 2011-12-17 14:41 1826624 ----a-w- c:\windows\system32\auto_reactivate.exe
2011-12-17 14:41 . 2011-12-17 14:41 -------- d-----r- C:\bootwiz
2011-12-17 14:37 . 2011-12-17 14:37 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-17 14:37 . 2011-12-17 14:37 911552 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
2011-12-17 14:36 . 2011-12-17 14:37 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-17 14:36 . 2011-12-17 14:36 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-17 14:36 . 2011-12-17 14:37 -------- d-----w- c:\programmi\File comuni\Acronis
2011-12-17 14:36 . 2011-12-17 14:36 -------- d-----w- c:\programmi\Acronis
2011-12-17 14:24 . 2011-12-17 14:24 -------- d-----w- c:\windows\system32\wbem\snmp
2011-12-17 14:24 . 2011-12-17 14:24 -------- d-----w- c:\windows\system32\xircom
2011-12-17 14:24 . 2011-12-17 14:24 -------- d-----w- c:\programmi\microsoft frontpage
2011-12-17 12:07 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET66.tmp
2011-12-17 12:07 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET51.tmp
2011-12-17 12:07 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET45.tmp
2011-12-14 22:39 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET55.tmp
2011-12-14 22:39 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET3F.tmp
2011-12-14 22:39 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET33.tmp
2011-12-14 22:33 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET48.tmp
2011-12-14 22:33 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET30.tmp
2011-12-14 22:33 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET2A.tmp
2011-12-14 21:52 . 2011-12-14 21:52 -------- d-----w- C:\ClamWinPortable
2011-12-14 21:29 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-12-14 21:13 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET34.tmp
2011-12-14 21:13 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET28.tmp
2011-12-14 21:13 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET25.tmp
2011-12-14 21:06 . 2008-04-13 18:03 16825 ----a-r- c:\windows\SET32.tmp
2011-12-14 21:06 . 2008-04-13 18:03 1089138 ----a-r- c:\windows\SET26.tmp
2011-12-14 21:06 . 2008-04-13 18:10 1246366 ----a-r- c:\windows\SET23.tmp
2011-12-14 18:27 . 2011-12-14 18:27 -------- d-----w- c:\documents and settings\Administrator
2011-12-14 14:03 . 2011-12-14 14:03 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\HPAppData
2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\programmi\A3306
2011-12-14 13:10 . 2011-12-17 12:45 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\2C2A3
2011-12-03 17:19 . 2011-12-03 17:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WEBREG
2011-12-03 17:17 . 2011-12-03 17:17 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\HP
2011-12-03 17:14 . 2011-12-03 17:19 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\HP
2011-12-03 17:13 . 2011-12-03 17:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2011-12-03 17:11 . 2011-12-03 17:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\programmi\File comuni\HP
2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\windows\hpoj4500g510n-z
2011-12-03 17:07 . 2009-05-18 21:49 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-12-03 17:07 . 2009-05-18 21:49 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-12-03 17:05 . 2009-06-09 00:43 316928 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp092.dll
2011-12-03 17:05 . 2009-06-09 00:43 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2011-12-03 17:05 . 2009-05-21 13:14 452408 ----a-r- c:\windows\system32\hpzids01.dll
2011-12-03 17:04 . 2009-05-18 21:49 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-12-03 17:02 . 2009-05-18 21:49 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2011-12-03 17:02 . 2009-05-18 21:49 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-12-03 17:02 . 2009-05-26 17:32 593920 ----a-r- c:\windows\system32\hpwtscl5.dll
2011-12-03 17:02 . 2009-05-26 17:32 315392 ----a-r- c:\windows\system32\hpwvst01.dll
2011-12-03 17:02 . 2009-05-26 17:32 716288 ----a-r- c:\windows\system32\hpwwiax9.dll
2011-12-03 17:02 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 14:23 . 2009-09-10 20:46 116736 ----a-w- c:\windows\system32\drivers\nvrd32.sys
2011-12-07 17:22 . 2009-09-11 15:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-07 17:22 . 2009-09-11 15:39 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-07 17:22 . 2009-09-11 15:39 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-07 17:21 . 2009-09-11 15:39 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-11-27 19:42 . 2011-05-23 12:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 07:19 . 2009-09-11 15:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-10-10 07:19 . 2009-09-11 15:39 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-11-27 18:58 . 2011-05-30 10:39 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-12 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-12-17_14.24.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 21:09 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2009-09-10 21:09 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-02-19 22:03 . 2011-02-19 22:03 51024 c:\windows\system32\vcomp100.dll
- 2008-04-13 19:13 . 2008-04-13 18:13 76800 c:\windows\system32\usbui.dll
+ 2008-04-13 19:13 . 2008-04-13 17:25 76800 c:\windows\system32\usbui.dll
+ 2011-12-17 16:57 . 2011-12-07 17:22 55168 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2011-12-17 16:57 . 2011-12-07 17:22 55168 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2011-12-17 16:57 . 2011-12-07 17:22 43392 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2009-09-11 15:39 . 2011-12-07 17:22 55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
- 2009-09-11 15:39 . 2011-10-10 07:19 55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2009-09-11 15:39 . 2011-12-07 17:22 55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2009-09-11 15:39 . 2011-10-10 07:19 55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2009-09-11 15:39 . 2011-12-07 17:22 43392 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
- 2009-09-11 15:39 . 2011-10-10 07:19 43392 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2011-12-17 16:57 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-09-10 20:47 . 2011-12-17 16:57 48798 c:\windows\system32\perfc010.dat
+ 2009-09-10 20:47 . 2011-12-17 16:57 41034 c:\windows\system32\perfc009.dat
+ 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\system32\mfc100deu.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\system32\mfc100chs.dll
+ 2008-08-11 10:40 . 2011-09-16 13:10 11552 c:\windows\system32\lmimirr2.dll
- 2008-08-11 10:40 . 2008-08-11 10:40 11552 c:\windows\system32\lmimirr2.dll
+ 2008-08-11 10:40 . 2011-09-16 13:10 25248 c:\windows\system32\lmimirr.dll
- 2008-08-11 10:40 . 2008-08-11 10:40 25248 c:\windows\system32\lmimirr.dll
+ 2008-04-13 19:13 . 2008-04-13 17:25 21504 c:\windows\system32\hidserv.dll
- 2008-04-13 19:13 . 2008-04-13 18:13 21504 c:\windows\system32\hidserv.dll
- 2008-04-13 19:13 . 2008-04-13 18:13 20992 c:\windows\system32\hid.dll
+ 2008-04-13 19:13 . 2008-04-13 17:25 20992 c:\windows\system32\hid.dll
+ 2009-09-10 21:08 . 2011-12-17 16:15 23040 c:\windows\system32\emptyregdb.dat
- 2009-09-10 21:08 . 2011-12-17 12:26 23040 c:\windows\system32\emptyregdb.dat
+ 2008-04-13 09:45 . 2008-04-13 09:45 26368 c:\windows\system32\drivers\usbstor.sys
- 2008-04-13 09:45 . 2008-04-13 10:45 26368 c:\windows\system32\drivers\USBSTOR.SYS
- 2008-04-13 09:45 . 2008-04-13 10:45 17152 c:\windows\system32\drivers\usbohci.sys
+ 2008-04-13 09:45 . 2008-04-13 09:45 17152 c:\windows\system32\drivers\usbohci.sys
+ 2008-04-13 09:45 . 2008-04-13 09:45 59520 c:\windows\system32\drivers\usbhub.sys
- 2008-04-13 09:45 . 2008-04-13 10:45 59520 c:\windows\system32\drivers\usbhub.sys
+ 2008-04-13 09:45 . 2008-04-13 09:45 30208 c:\windows\system32\drivers\usbehci.sys
- 2008-04-13 09:45 . 2008-04-13 10:45 30208 c:\windows\system32\drivers\usbehci.sys
- 2008-04-13 09:45 . 2008-04-13 10:45 32128 c:\windows\system32\drivers\usbccgp.sys
+ 2008-04-13 09:45 . 2008-04-13 09:45 32128 c:\windows\system32\drivers\usbccgp.sys
+ 2008-04-13 11:45 . 2008-04-13 17:25 56576 c:\windows\system32\drivers\swmidi.sys
- 2008-04-13 11:45 . 2008-04-13 10:45 56576 c:\windows\system32\drivers\swmidi.sys
- 2009-09-11 15:33 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-12-17 16:59 . 2010-06-17 14:14 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2008-04-13 16:51 . 2008-04-13 17:51 65792 c:\windows\system32\drivers\serial.sys
+ 2008-04-13 16:51 . 2008-04-13 16:51 65792 c:\windows\system32\drivers\serial.sys
+ 2008-04-13 09:40 . 2008-04-13 09:40 15744 c:\windows\system32\drivers\serenum.sys
- 2008-04-13 09:40 . 2008-04-13 10:40 15744 c:\windows\system32\drivers\serenum.sys
+ 2008-04-13 09:40 . 2008-04-13 09:40 24960 c:\windows\system32\drivers\pciidex.sys
- 2008-04-13 09:40 . 2008-04-13 10:40 24960 c:\windows\system32\drivers\pciidex.sys
+ 2008-04-13 16:56 . 2008-04-13 16:56 68736 c:\windows\system32\drivers\pci.sys
- 2008-04-13 16:56 . 2008-04-13 17:56 68736 c:\windows\system32\drivers\pci.sys
- 2008-04-13 18:55 . 2008-04-13 17:55 80256 c:\windows\system32\drivers\parport.sys
+ 2008-04-13 18:55 . 2008-04-13 17:25 80256 c:\windows\system32\drivers\parport.sys
- 2008-04-13 11:36 . 2008-04-13 10:36 15488 c:\windows\system32\drivers\mssmbios.sys
+ 2008-04-13 11:36 . 2008-04-13 17:25 15488 c:\windows\system32\drivers\mssmbios.sys
+ 2001-08-30 20:41 . 2004-08-19 12:00 12160 c:\windows\system32\drivers\mouhid.sys
- 2001-08-30 20:41 . 2001-08-30 19:41 12160 c:\windows\system32\drivers\mouhid.sys
- 2008-04-13 18:47 . 2008-04-13 17:47 23552 c:\windows\system32\drivers\mouclass.sys
+ 2008-04-13 18:47 . 2008-04-13 17:25 23552 c:\windows\system32\drivers\mouclass.sys
- 2009-09-11 15:39 . 2008-08-11 10:41 47640 c:\windows\system32\drivers\LMIRfsDriver.sys
+ 2009-09-11 15:39 . 2011-09-16 13:10 47640 c:\windows\system32\drivers\LMIRfsDriver.sys
+ 2008-08-11 10:40 . 2011-09-16 13:10 10144 c:\windows\system32\drivers\lmimirr.sys
- 2008-08-11 10:40 . 2008-08-11 10:40 10144 c:\windows\system32\drivers\lmimirr.sys
+ 2008-04-13 16:53 . 2008-04-13 16:53 14720 c:\windows\system32\drivers\kbdhid.sys
- 2008-04-13 16:53 . 2008-04-13 17:53 14720 c:\windows\system32\drivers\kbdhid.sys
+ 2008-04-13 16:53 . 2008-04-13 16:53 25088 c:\windows\system32\drivers\kbdclass.sys
- 2008-04-13 16:53 . 2008-04-13 17:53 25088 c:\windows\system32\drivers\kbdclass.sys
+ 2008-04-13 16:52 . 2008-04-13 16:52 37504 c:\windows\system32\drivers\isapnp.sys
- 2008-04-13 16:52 . 2008-04-13 17:52 37504 c:\windows\system32\drivers\isapnp.sys
- 2008-04-13 09:41 . 2008-04-13 10:41 42112 c:\windows\system32\drivers\imapi.sys
+ 2008-04-13 09:41 . 2008-04-13 09:41 42112 c:\windows\system32\drivers\imapi.sys
+ 2008-04-13 09:45 . 2008-04-13 09:45 10368 c:\windows\system32\drivers\hidusb.sys
- 2008-04-13 09:45 . 2008-04-13 10:45 10368 c:\windows\system32\drivers\hidusb.sys
+ 2008-04-13 09:45 . 2008-04-13 09:45 24960 c:\windows\system32\drivers\hidparse.sys
- 2008-04-13 09:45 . 2008-04-13 10:45 24960 c:\windows\system32\drivers\hidparse.sys
+ 2008-04-13 09:45 . 2008-04-13 09:45 36864 c:\windows\system32\drivers\hidclass.sys
- 2008-04-13 09:45 . 2008-04-13 10:45 36864 c:\windows\system32\drivers\hidclass.sys
- 2008-04-13 11:45 . 2008-04-13 10:45 60160 c:\windows\system32\drivers\drmk.sys
+ 2008-04-13 11:45 . 2008-04-13 17:25 60160 c:\windows\system32\drivers\drmk.sys
- 2008-04-13 09:40 . 2008-04-13 10:40 36352 c:\windows\system32\drivers\disk.sys
+ 2008-04-13 09:40 . 2008-04-13 09:40 36352 c:\windows\system32\drivers\disk.sys
- 2008-04-13 09:40 . 2008-04-13 10:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2008-04-13 09:40 . 2008-04-13 09:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2009-09-11 15:33 . 2011-09-15 22:55 74640 c:\windows\system32\drivers\avgntflt.sys
+ 2008-04-13 09:40 . 2008-04-13 09:40 96512 c:\windows\system32\drivers\atapi.sys
- 2008-04-13 09:40 . 2008-04-13 10:40 96512 c:\windows\system32\drivers\atapi.sys
+ 2009-09-10 21:09 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2011-12-03 17:02 . 2008-04-13 10:45 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2008-04-13 17:13 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-09-10 21:10 . 2011-12-17 16:19 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-10 21:10 . 2011-12-17 12:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 12:33 . 2011-12-17 16:19 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012011121720111218\index.dat
- 2011-12-17 12:33 . 2011-12-17 12:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012011121720111218\index.dat
- 2009-09-10 21:10 . 2011-12-17 12:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-09-10 21:10 . 2011-12-17 16:19 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2011-12-17 16:19 . 2011-12-17 16:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-09-10 21:10 . 2011-12-17 12:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-13 17:13 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2011-12-20 07:32 . 2008-04-13 10:45 15104 c:\windows\LastGood\system32\drivers\usbscan.sys
+ 2011-12-20 07:33 . 2009-05-18 21:49 21568 c:\windows\LastGood\system32\drivers\HPZius12.sys
+ 2008-04-13 11:36 . 2008-04-13 17:25 8832 c:\windows\system32\drivers\wmiacpi.sys
- 2008-04-13 11:36 . 2008-04-13 10:36 8832 c:\windows\system32\drivers\wmiacpi.sys
- 2004-08-19 12:00 . 2001-08-17 21:03 4736 c:\windows\system32\drivers\usbd.sys
+ 2004-08-19 12:00 . 2004-08-19 12:00 4736 c:\windows\system32\drivers\usbd.sys
- 2008-04-13 11:39 . 2008-04-13 10:39 4352 c:\windows\system32\drivers\swenum.sys
+ 2008-04-13 11:39 . 2008-04-13 17:25 4352 c:\windows\system32\drivers\swenum.sys
+ 2004-08-19 12:00 . 2004-08-19 12:00 3328 c:\windows\system32\drivers\pciide.sys
- 2004-08-19 12:00 . 2001-08-30 20:54 3328 c:\windows\system32\drivers\pciide.sys
- 2008-04-13 11:45 . 2008-04-13 10:45 2944 c:\windows\system32\drivers\drmkaud.sys
+ 2008-04-13 11:45 . 2008-04-13 17:25 2944 c:\windows\system32\drivers\drmkaud.sys
+ 2006-12-01 21:54 . 2006-12-01 21:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54 . 2006-12-01 21:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54 . 2006-12-01 21:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-09-10 20:51 . 2004-08-19 12:00 921088 c:\windows\WinSxS\InstallTemp\60832\comctl32.dll
+ 2006-12-01 21:36 . 2006-12-01 21:36 796672 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcr80.dll
+ 2006-12-01 21:37 . 2006-12-01 21:37 516096 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcm80.dll
+ 2009-09-10 21:09 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2009-09-10 21:09 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2009-09-10 21:09 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2009-09-10 20:47 . 2011-12-17 16:57 349206 c:\windows\system32\perfh010.dat
+ 2009-09-10 20:47 . 2011-12-17 16:57 315180 c:\windows\system32\perfh009.dat
+ 2011-02-18 23:40 . 2011-02-18 23:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 421200 c:\windows\system32\msvcp100.dll
- 2009-09-10 23:04 . 2011-12-17 12:32 111784 c:\windows\system32\FNTCACHE.DAT
+ 2009-09-10 23:04 . 2011-12-17 16:19 111784 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-13 09:45 . 2008-04-13 09:45 143872 c:\windows\system32\drivers\usbport.sys
- 2008-04-13 09:45 . 2008-04-13 10:45 143872 c:\windows\system32\drivers\usbport.sys
- 2008-04-13 11:45 . 2008-04-13 10:45 172416 c:\windows\system32\drivers\kmixer.sys
+ 2008-04-13 11:45 . 2008-04-13 17:25 172416 c:\windows\system32\drivers\kmixer.sys
- 2004-08-19 12:00 . 2001-08-30 21:03 125824 c:\windows\system32\drivers\ftdisk.sys
+ 2004-08-19 12:00 . 2004-08-19 12:00 125824 c:\windows\system32\drivers\ftdisk.sys
+ 2008-04-13 09:39 . 2008-04-13 17:25 142592 c:\windows\system32\drivers\aec.sys
- 2008-04-13 09:39 . 2008-04-13 08:39 142592 c:\windows\system32\drivers\aec.sys
- 2008-04-13 16:47 . 2008-04-13 17:47 188416 c:\windows\system32\drivers\acpi.sys
+ 2008-04-13 16:47 . 2008-04-13 16:47 188416 c:\windows\system32\drivers\acpi.sys
+ 2009-09-10 21:09 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-09-10 21:09 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-09-10 21:09 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 138056 c:\windows\system32\atl100.dll
- 2009-09-10 21:10 . 2011-12-17 12:30 286720 c:\windows\repair\ntuser.dat
+ 2009-09-10 21:10 . 2011-12-17 16:17 286720 c:\windows\repair\ntuser.dat
+ 2011-12-20 07:32 . 2009-05-26 17:32 716288 c:\windows\LastGood\system32\hpwwiax9.dll
+ 2011-12-20 07:32 . 2009-05-26 17:32 315392 c:\windows\LastGood\system32\hpwvst01.dll
+ 2011-12-20 07:32 . 2009-05-26 17:32 593920 c:\windows\LastGood\system32\hpwtscl5.dll
+ 2011-12-20 07:32 . 2009-05-18 21:49 372736 c:\windows\LastGood\system32\hppldcoi.dll
+ 2011-12-20 07:32 . 2009-05-18 21:49 309760 c:\windows\LastGood\system32\difxapi.dll
+ 2011-12-17 16:58 . 2011-12-17 16:58 160768 c:\windows\Installer\1363a.msi
+ 2006-12-01 21:39 . 2006-12-01 21:39 1061376 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcp80.dll
+ 2009-09-10 21:09 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03 4397384 c:\windows\system32\mfc100.dll
+ 2009-09-10 21:09 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2011-12-17 16:57 . 2011-12-17 16:57 3984384 c:\windows\Installer\13632.msi
+ 2011-12-17 14:37 . 2011-12-17 14:37 20232704 c:\windows\Installer\8a62.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDriveE Startup"="c:\programmi\IDrive\IDrvieEStartup.exe" [2009-08-26 167936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-05-04 188200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-09 8491008]
"nwiz"="nwiz.exe" [2007-11-09 1626112]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-09 81920]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-06 5076088]
"Servizio Acronis Scheduler2"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2009-10-06 357688]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-13 101888]
"_nltide_3"="advpack.dll" [2008-04-13 101888]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [BU]
.
c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
IDrive Tray.lnk - c:\programmi\IDrive\IDriveEReg2ini.exe [2009-9-11 274432]
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-07 17:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{be656685-28ae-11e1-8510-806d6172696f}\bootwiz\asrm.bin
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [17/12/11 15.37.01 911552]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17/12/11 17.59.28 36000]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programmi\File comuni\Acronis\CDP\afcdpsrv.exe [17/12/11 15.37.03 2326920]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [17/12/11 17.59.29 86224]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\LogMeIn\x86\LMIGuardianSvc.exe [07/12/11 18.21.44 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [16/09/11 14.10.50 12856]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [18/12/11 11.01.21 366152]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [17/12/11 15.37.05 159168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/12/11 11.01.15 22216]
S2 IDriveE Service;IDriveE Service;"c:\programmi\IDrive\IDriveE Service.exe" --> c:\programmi\IDrive\IDriveE Service.exe [?]
S2 IDriveWebM;IDrive WebManager;"c:\programmi\IDrive\IDriveWebM.exe" --> c:\programmi\IDrive\IDriveWebM.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{1075E897-72EB-4152-9465-C62A3D48C185}: NameServer = 192.168.1.1
TCP: Interfaces\{8E9D5849-E3FA-4BA3-8918-A671EB975336}: NameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\8bd13loh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-12-20 14:55:52
ComboFix-quarantined-files.txt 2011-12-20 13:55
ComboFix2.txt 2011-12-17 14:54
ComboFix3.txt 2011-12-17 14:27
.
Pre-Run: 60.843.712.512 bytes free
Post-Run: 60.943.413.248 bytes free
.
- - End Of File - - 5E6A9AAFAE68E8D50C25D7C986870577
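
The aswMBR run above reports "Disk 0 unknown MBR code" and saves the sector to MBR.dat. The script below is an added example for inspecting such a dump; it is not part of this thread, of aswMBR or of ComboFix. It parses the 512-byte sector, checks the boot signature and the four partition entries, hashes the 440-byte bootstrap so it can be compared with a dump from a known-clean machine running the same Windows version, and measures the unpartitioned space after the last partition, where some bootkits keep hidden storage. The disk size is the 152627 MB the log reports (at 2048 sectors per MB); the two sample sectors, their partition layouts and the "Windows strings" heuristic are this example's own constructions and assumptions.

```python
"""Triage an MBR dump such as the MBR.dat that aswMBR writes.

Added example, not part of the forum thread or of aswMBR. The layout
constants are the classic MBR format; the Windows-strings check is a
heuristic, and the sample sectors below are constructed here.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # code area before the 4-byte disk signature
PART_TABLE_OFF = 446
PART_ENTRY = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
SIGNATURE = b"\x55\xaa"
CYLINDER_SECTORS = 16065    # 255 heads * 63 sectors: the slack XP-era cylinder alignment leaves

# Messages the Windows 2000/XP bootstrap carries inside its code area.
# Heuristic (assumption): a localized install may carry translated messages,
# so treat a miss as a prompt to compare the hash with a known-good dump.
WINDOWS_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_partitions(mbr):
    """Return the non-empty entries of the four-slot partition table."""
    parts = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(
            PART_ENTRY, mbr, PART_TABLE_OFF + slot * 16)
        if ptype == 0 and count == 0:
            continue
        parts.append({"slot": slot, "status": status, "type": ptype,
                      "start": start, "end": start + count})  # end is exclusive
    return parts


def inspect_mbr(mbr, disk_sectors):
    """Parse sector 0 and return structured facts plus a list of findings."""
    if len(mbr) != SECTOR:
        raise ValueError("expected one 512-byte sector, got %d bytes" % len(mbr))
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    code = mbr[:BOOTCODE_LEN]
    has_strings = all(s in code for s in WINDOWS_MBR_STRINGS)
    if not has_strings:
        findings.append("bootstrap lacks the Windows MBR messages; compare its hash with a known-good dump")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d has invalid boot indicator 0x%02x" % (p["slot"], p["status"]))
        if p["end"] > disk_sectors:
            findings.append("slot %d extends past the end of the disk" % p["slot"])
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] < a["end"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    trailing = disk_sectors - max((p["end"] for p in parts), default=disk_sectors)
    if trailing > CYLINDER_SECTORS:
        findings.append("%d unpartitioned sectors after the last partition; "
                        "bootkits keep hidden storage there, dump and inspect them" % trailing)
    return {
        "signature_ok": mbr[510:512] == SIGNATURE,
        "bootcode_sha256": hashlib.sha256(code).hexdigest(),
        "windows_strings": has_strings,
        "partitions": parts,
        "trailing_sectors": trailing,
        "findings": findings,
    }


def build_mbr(bootcode, partitions):
    """Assemble a 512-byte sector from code bytes and (status, type, start, count) tuples."""
    buf = bytearray(bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00"))
    buf += b"\x00" * 6                       # disk signature + reserved word
    for entry in partitions:
        buf += struct.pack(PART_ENTRY, *entry)
    buf += b"\x00" * 16 * (4 - len(partitions))
    buf += SIGNATURE
    return bytes(buf)


# Constructed samples. 152627 MB * 2048 sectors/MB is the Disk 0 size the log
# reports; the partition layouts and bootstrap bytes are made up for the demo.
DISK_SECTORS = 152627 * 2048
CLEAN_CODE = (b"\xfa\x33\xc0\x8e\xd0" + b"\x00" * 200
              + b"".join(s + b"\x00" for s in WINDOWS_MBR_STRINGS))
CLEAN_MBR = build_mbr(CLEAN_CODE, [(0x80, 0x07, 63, 312576642)])
# Replacement bootstrap without messages, an invalid boot flag and a 40960-sector hole at the end.
TAMPERED_MBR = build_mbr(b"\xeb\x58\x90" + bytes(range(256)),
                         [(0x80, 0x07, 63, DISK_SECTORS - 63 - 40960), (0x01, 0x17, 1000, 10)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        r = inspect_mbr(mbr, DISK_SECTORS)
        print(name, r["bootcode_sha256"][:16], r["trailing_sectors"], r["findings"])
```

For a real dump, pass the bytes of MBR.dat and the sector count aswMBR reports to `inspect_mbr`. "Unknown MBR code" from aswMBR only says the bootstrap did not match its list of loaders it recognizes; non-Microsoft boot managers also produce that verdict. On this machine the ComboFix log shows Acronis True Image installed on 2011-12-17 with a `bootwiz` folder and an `auto_reactivate` BootExecute entry, and Acronis Startup Recovery Manager installs its own boot code, so the hash comparison against a known-clean MBR of the same kind is the decisive check, not the "unknown" label by itself.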
 
I don't see much there....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 21/12/11 16.51.55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Proprietario\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yy

1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,60% Memory free
3,60 Gb Paging File | 2,39 Gb Available in Paging File | 66,41% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 68,36 Gb Total Space | 56,71 Gb Free Space | 82,96% Space Free | Partition Type: NTFS
Drive E: | 80,69 Gb Total Space | 66,93 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
Drive F: | 68,36 Gb Total Space | 60,92 Gb Free Space | 89,12% Space Free | Partition Type: NTFS
Drive G: | 80,69 Gb Total Space | 79,47 Gb Free Space | 98,49% Space Free | Partition Type: NTFS

Computer Name: USERXP-9E715B09 | User Name: Proprietario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 16.50.33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe
PRC - [2011/12/17 15.37.03 | 002,326,920 | ---- | M] (Acronis) -- C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe
PRC - [2011/12/07 18.21.50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\ramaint.exe
PRC - [2011/12/07 18.21.44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/27 19.58.00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2011/11/08 16.29.24 | 005,898,240 | ---- | M] () -- C:\Programmi\Millewin\millepat.exe
PRC - [2011/11/08 16.25.16 | 010,084,864 | ---- | M] () -- C:\Programmi\Millewin\millewin.exe
PRC - [2011/09/23 18.08.19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18.01.09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11.38.21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 14.10.50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 14.10.50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/09/16 02.34.43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/08/31 17.00.48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17.00.48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/02/18 10.43.18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2009/10/06 15.39.02 | 000,357,688 | ---- | M] (Acronis) -- C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
PRC - [2009/10/06 15.38.56 | 000,660,824 | ---- | M] (Acronis) -- C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
PRC - [2009/10/06 15.37.50 | 005,076,088 | ---- | M] (Acronis) -- C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/08/27 16.09.20 | 001,916,928 | ---- | M] (Pro Softnet Corp.) -- C:\Programmi\IDrive\IDriveETray.exe
PRC - [2009/08/19 09.31.50 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 09.29.46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/05 13.25.18 | 000,036,864 | ---- | M] (Pro Softnet Corp.) -- C:\Programmi\IDrive\IDriveEBackground.exe
PRC - [2009/04/24 08.45.08 | 000,365,056 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006SM.exe
PRC - [2008/06/09 15.40.12 | 002,113,620 | ---- | M] () -- C:\Programmi\Millewin\mw_aic.exe
PRC - [2008/04/13 18.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/04 14.51.52 | 000,188,200 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [1997/10/01 16.54.32 | 000,826,392 | ---- | M] () -- C:\SqlAny50\Win32\RTDSK50.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/20 18.50.35 | 000,106,604 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\e3610661c80aeec39b1811312a5009ce\Zlib.dll
MOD - [2011/12/20 18.50.35 | 000,061,543 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\031d49575325feb36c29f85429fb4c68\Storable.dll
MOD - [2011/12/20 18.50.35 | 000,028,772 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\28d3e9f97addc0689e18ba30324e4fea\Util.dll
MOD - [2011/12/20 18.50.35 | 000,024,691 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\62911a4ddde77b7178ac7e7593fd73ca\HiRes.dll
MOD - [2011/12/20 18.50.35 | 000,024,676 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\5550b37552e5976c472c04d8644bf185\Glob.dll
MOD - [2011/12/20 18.50.35 | 000,024,673 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\c7ea35d3218d6672955a4491a9f2cf3a\Fcntl.dll
MOD - [2011/12/20 18.50.35 | 000,020,573 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\1bd8ac0eae3e27dc366c1731cab62818\Cwd.dll
MOD - [2011/12/20 18.50.34 | 000,024,676 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\106d755f906aeba53646ab2744f94db5\MD5.dll
MOD - [2011/12/20 18.50.34 | 000,024,667 | R--- | M] () -- C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\pdk-Proprietario\7cbf8107578b3d517d9da6e3353af7ad\IO.dll
MOD - [2011/11/27 20.42.50 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/27 19.57.58 | 001,989,592 | ---- | M] () -- C:\Programmi\Mozilla Firefox\mozjs.dll
MOD - [2011/11/08 16.29.24 | 005,898,240 | ---- | M] () -- C:\Programmi\Millewin\millepat.exe
MOD - [2011/11/08 16.25.16 | 010,084,864 | ---- | M] () -- C:\Programmi\Millewin\millewin.exe
MOD - [2011/10/31 17.32.22 | 000,405,504 | ---- | M] () -- C:\Programmi\Millewin\millecab.dll
MOD - [2011/09/16 02.05.58 | 000,398,288 | ---- | M] () -- C:\Programmi\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/04/29 15.04.38 | 000,159,744 | ---- | M] () -- C:\Programmi\Millewin\DEDA32W0.dll
MOD - [2011/03/08 18.26.54 | 000,479,744 | ---- | M] () -- C:\Programmi\Millewin\MLL_XDOM.ocx
MOD - [2009/10/27 09.56.56 | 000,465,920 | ---- | M] () -- C:\Programmi\Millewin\Utils.dll
MOD - [2009/08/18 14.54.22 | 000,970,752 | ---- | M] () -- C:\Programmi\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/02/27 19.42.50 | 000,311,296 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\pdfshell.ITA
MOD - [2008/06/09 15.40.12 | 002,113,620 | ---- | M] () -- C:\Programmi\Millewin\mw_aic.exe
MOD - [2006/10/25 09.42.48 | 000,135,168 | ---- | M] () -- C:\Programmi\Millewin\DEDRPCC.DLL
MOD - [2006/09/13 02.01.30 | 000,356,352 | ---- | M] () -- C:\Programmi\Millewin\Dll\libjcc.dll
MOD - [2006/09/13 02.01.30 | 000,032,768 | ---- | M] () -- C:\Programmi\Millewin\Dll\libjlog.dll
MOD - [1997/11/01 11.00.00 | 000,275,480 | ---- | M] () -- C:\SqlAny50\Win32\WL50ENT.DLL
MOD - [1997/10/01 17.00.00 | 000,275,480 | ---- | M] () -- C:\WINDOWS\system32\WL50ENT.DLL
MOD - [1997/10/01 17.00.00 | 000,136,216 | ---- | M] () -- C:\WINDOWS\system32\WOD50T.DLL
MOD - [1997/10/01 17.00.00 | 000,097,816 | ---- | M] () -- C:\WINDOWS\system32\DBL50T.DLL
MOD - [1997/10/01 16.54.32 | 000,826,392 | ---- | M] () -- C:\SqlAny50\Win32\RTDSK50.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (IDriveWebM)
SRV - File not found [Auto | Stopped] -- -- (IDriveE Service)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/17 15.37.03 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Programmi\File comuni\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/12/07 18.21.50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programmi\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/07 18.21.44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/23 18.08.19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18.01.09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/16 14.10.50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programmi\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/31 17.00.48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/06 15.38.56 | 000,660,824 | ---- | M] (Acronis) [Auto | Running] -- C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 18.01.33 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/17 15.37.05 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/12/17 15.37.01 | 000,911,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm255.sys -- (tdrpman255) Acronis Try&Decide and Restore Points filter (build 255)
DRV - [2011/12/17 15.37.00 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/12/17 15.36.55 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/12/17 15.23.56 | 000,116,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2011/12/07 18.22.16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 14.10.50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 14.10.50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programmi\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/09/15 23.55.04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23.55.03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/08/31 17.00.50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/17 15.14.27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/31 11.38.08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 09.35.40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2007/07/27 21.16.00 | 000,105,984 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007/03/06 11.27.00 | 000,058,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/03/06 11.27.00 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/02/16 07.50.00 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/07/01 21.56.00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/08 09.49.50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it/ig?hl=it"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/03 18.14.21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/11/27 19.58.01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/12/20 15.53.01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/03 18.14.21 | 000,000,000 | ---D | M]

[2009/09/11 16.29.44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Extensions
[2011/11/27 20.04.22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\8bd13loh.default\extensions
[2011/11/27 20.04.22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\8bd13loh.default\extensions\LogMeInClient@logmein.com
[2011/11/27 20.39.08 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2009/09/18 16.46.31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/27 19.58.00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/10/25 14.13.40 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2011/10/25 14.13.40 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/10/25 14.13.40 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/10/25 14.13.40 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/10/25 14.13.40 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2011/12/17 15.24.27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Programmi\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Servizio Acronis Scheduler2] C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003..\Run: [IDriveE Startup] C:\Programmi\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\IDrive Tray.lnk = C:\Programmi\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O4 - Startup: C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03 [binary data]
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03 [binary data]
O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-1993962763-1417001333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1075E897-72EB-4152-9465-C62A3D48C185}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E9D5849-E3FA-4BA3-8918-A671EB975336}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E1F337E-C3C8-4FE6-978B-1D0758231E11}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/10 22.10.49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/10 22.10.49 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{be656685-28ae-11e1-8510-806d6172696f}\bootwiz\asrm.bin)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 16.50.32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe
[2011/12/20 14.48.02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/19 07.22.16 | 004,345,848 | R--- | C] (Swearware) -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
[2011/12/18 11.19.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Malwarebytes
[2011/12/18 11.01.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/12/18 11.01.19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2011/12/18 11.01.15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/18 11.01.14 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2011/12/17 18.00.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Avira
[2011/12/17 17.59.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avira
[2011/12/17 17.59.29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/12/17 17.59.28 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/17 17.59.28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/12/17 17.59.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Avira
[2011/12/17 17.57.43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/12/17 17.24.42 | 000,000,000 | ---D | C] -- C:\Programmi\msn gaming zone
[2011/12/17 17.19.57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/12/17 17.17.17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2011/12/17 15.49.59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/17 15.49.12 | 000,000,000 | ---D | C] -- C:\bbhbh
[2011/12/17 15.41.34 | 000,000,000 | R--D | C] -- C:\bootwiz
[2011/12/17 15.40.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\Backup personali
[2011/12/17 15.39.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Acronis
[2011/12/17 15.39.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Acronis
[2011/12/17 15.36.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Acronis
[2011/12/17 15.36.45 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Acronis
[2011/12/17 15.36.43 | 000,000,000 | ---D | C] -- C:\Programmi\Acronis
[2011/12/17 15.24.18 | 000,000,000 | ---D | C] -- C:\Programmi\xerox
[2011/12/17 15.24.16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/12/17 15.24.13 | 000,000,000 | ---D | C] -- C:\Programmi\microsoft frontpage
[2011/12/17 14.56.29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/17 14.56.29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/17 14.56.29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/17 14.56.29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/17 14.56.15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/17 14.55.18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/17 14.55.11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Proprietario\Documenti\Video
[2011/12/17 14.55.11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenti\Video
[2011/12/14 22.52.35 | 000,000,000 | ---D | C] -- C:\ClamWinPortable
[2011/12/14 14.22.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
[2011/12/14 14.22.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Sun
[2011/12/14 14.21.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
[2011/12/14 14.17.05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
[2011/12/14 14.11.15 | 000,000,000 | ---D | C] -- C:\Programmi\A3306
[2011/12/14 14.10.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\2C2A3
[2011/12/03 18.26.34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Documenti\Scansioni personali
[2011/12/03 18.23.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Desktop\SCANSIONI
[2011/12/03 18.19.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\WEBREG
[2011/12/03 18.17.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\HP
[2011/12/03 18.14.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Proprietario\Dati applicazioni\HP
[2011/12/03 18.13.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\HP Product Assistant
[2011/12/03 18.11.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\HP
[2011/12/03 18.11.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\HP
[2011/12/03 18.11.29 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\HP
[2011/12/03 18.11.26 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Hewlett-Packard
[2011/12/03 18.11.10 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpoj4500g510n-z
[2011/12/03 18.10.07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/27 20.24.00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Strumenti di amministrazione
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/21 16.50.33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe
[2011/12/21 11.43.07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/20 18.44.48 | 000,010,559 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20963121.pdf
[2011/12/20 18.38.34 | 000,010,550 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20962598.pdf
[2011/12/20 16.36.10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/20 15.53.02 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/20 14.47.36 | 004,345,848 | R--- | M] (Swearware) -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
[2011/12/19 18.01.33 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/19 13.54.56 | 000,010,554 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20840826.pdf
[2011/12/19 07.20.34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\MBR.dat
[2011/12/17 18.11.24 | 234,341,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\OJ4500vG510n-z_Full_13_en.exe
[2011/12/17 17.59.39 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/12/17 17.57.39 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\avira_free_antivirus_en.exe
[2011/12/17 17.57.04 | 000,349,206 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2011/12/17 17.57.04 | 000,315,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/17 17.57.04 | 000,048,798 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2011/12/17 17.57.04 | 000,041,034 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/17 17.56.59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/12/17 17.55.55 | 015,919,104 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\LogMeIn.msi
[2011/12/17 17.19.32 | 000,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/17 17.17.44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/12/17 17.17.28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/17 17.17.27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/17 17.17.27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/17 17.17.18 | 000,004,327 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/17 17.15.03 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/17 17.12.53 | 000,000,416 | -HS- | M] () -- C:\boot.ini
[2011/12/17 15.43.36 | 000,000,344 | -HS- | M] () -- C:\Boot.bak
[2011/12/17 15.37.05 | 001,086,482 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/12/17 15.24.27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/17 13.31.05 | 000,004,438 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/17 13.06.58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\28yeg7yn.exe
[2011/12/14 23.37.28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1123932040
[2011/12/14 22.34.41 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/12/14 22.20.41 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/12/14 14.22.32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/13 16.19.50 | 000,010,563 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20515589.pdf
[2011/12/12 10.34.09 | 000,010,560 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20349619.pdf
[2011/12/09 18.09.27 | 000,010,552 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20302249.pdf
[2011/12/09 09.37.49 | 000,010,560 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\20251744.pdf
[2011/12/07 18.22.16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/12/07 18.22.00 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/12/07 18.21.58 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/12/06 12.04.08 | 000,406,395 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\RGLDNL66T45B354WC.pdf
[2011/12/06 11.59.24 | 000,095,785 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\RGLDNL66T45B354WA.pdf
[2011/12/03 18.17.31 | 000,227,271 | ---- | M] () -- C:\WINDOWS\hpwins28.dat
[2011/12/03 18.13.11 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Centro soluzioni HP.lnk
[2011/12/03 18.12.30 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 18.44.47 | 000,010,559 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20963121.pdf
[2011/12/20 18.38.33 | 000,010,550 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20962598.pdf
[2011/12/20 15.53.01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Reader 9.lnk
[2011/12/20 15.53.01 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/19 13.54.54 | 000,010,554 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20840826.pdf
[2011/12/19 07.20.34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\MBR.dat
[2011/12/18 11.40.29 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\28yeg7yn.exe
[2011/12/17 17.59.39 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/12/17 17.59.16 | 234,341,816 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\OJ4500vG510n-z_Full_13_en.exe
[2011/12/17 17.56.52 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\LogMeIn.lnk
[2011/12/17 17.55.03 | 015,919,104 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\LogMeIn.msi
[2011/12/17 17.54.40 | 082,885,256 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\avira_free_antivirus_en.exe
[2011/12/17 15.50.02 | 000,000,344 | -HS- | C] () -- C:\Boot.bak
[2011/12/17 15.50.00 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011/12/17 14.56.29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/17 14.56.29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/17 14.56.29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/17 14.56.29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/17 14.56.29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/14 22.11.39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1123932040
[2011/12/13 16.19.49 | 000,010,563 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20515589.pdf
[2011/12/12 10.34.08 | 000,010,560 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20349619.pdf
[2011/12/09 18.09.26 | 000,010,552 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20302249.pdf
[2011/12/09 09.37.48 | 000,010,560 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\20251744.pdf
[2011/12/06 12.02.24 | 000,406,395 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\RGLDNL66T45B354WC.pdf
[2011/12/06 11.56.28 | 000,095,785 | ---- | C] () -- C:\Documents and Settings\Proprietario\Desktop\RGLDNL66T45B354WA.pdf
[2011/12/03 18.13.38 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Registrazione I.R.I.S. OCR.lnk
[2011/12/03 18.13.11 | 000,001,108 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Centro soluzioni HP.lnk
[2011/12/03 18.12.30 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
[2011/12/03 18.05.33 | 000,227,271 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2011/12/03 18.05.32 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2011/10/28 20.29.02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/20 16.27.46 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\millezip.dll
[2009/09/21 17.03.40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/09/21 16.47.48 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/09/21 16.47.48 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009/09/21 16.47.48 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2009/09/11 16.44.46 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/11 16.44.25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/11 16.37.27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2009/09/11 16.37.26 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/09/11 16.37.26 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/09/11 16.29.39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/11 16.20.47 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/09/11 16.20.47 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/09/11 16.20.47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/09/11 16.20.44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/09/11 16.20.44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/09/11 16.20.36 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/09/11 16.20.35 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/09/11 16.20.17 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/09/11 16.20.07 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/09/11 16.18.37 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/09/11 00.05.02 | 000,004,327 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/11 00.04.13 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/10 22.10.59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/10 22.08.57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/10 21.47.16 | 000,349,206 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2009/09/10 21.47.16 | 000,315,180 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/10 21.47.16 | 000,048,798 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2009/09/10 21.47.16 | 000,041,034 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/10 21.46.33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/13 18.27.18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/30 18.27.08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 13.00.00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 13.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 13.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2004/08/19 13.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 13.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 13.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 13.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2004/08/19 13.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 13.00.00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1997/10/01 17.00.00 | 000,275,480 | ---- | C] () -- C:\WINDOWS\System32\WL50ENT.DLL
[1997/10/01 17.00.00 | 000,136,216 | ---- | C] () -- C:\WINDOWS\System32\WOD50T.DLL
[1997/10/01 17.00.00 | 000,097,816 | ---- | C] () -- C:\WINDOWS\System32\DBL50T.DLL
[1996/01/19 12.36.18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\PBDBC09.DLL
[1996/01/17 05.21.00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\IVTRN09.DLL
[1996/01/15 12.12.12 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\PBFLT09.DLL
[1996/01/15 12.12.12 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\PBBAS09.DLL
[1995/04/12 01.54.58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== LOP Check ==========

[2011/12/17 15.39.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Acronis
[2011/12/21 11.43.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\LogMeIn
[2011/12/17 13.45.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\2C2A3
[2011/12/17 15.39.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\Acronis
[2010/01/29 13.18.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Proprietario\Dati applicazioni\OpenOffice.org

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/12/17 17.56.59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/09/10 22.10.49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/10 22.07.59 | 000,000,211 | -HS- | M] () -- C:\BOOT.001
[2011/12/17 15.43.36 | 000,000,344 | -HS- | M] () -- C:\Boot.bak
[2011/12/17 17.12.53 | 000,000,416 | -HS- | M] () -- C:\boot.ini
[2004/08/19 13.00.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/03 23.00.12 | 000,261,312 | RHS- | M] () -- C:\cmldr
[2011/12/20 14.55.52 | 000,033,094 | ---- | M] () -- C:\ComboFix.txt
[2009/09/10 22.10.49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/10 22.10.49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/10 22.10.49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 08.43.04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 10.31.56 | 000,251,600 | RHS- | M] () -- C:\ntldr
[2009/09/21 17.04.04 | 000,057,669 | ---- | M] () -- C:\P1005.log
[2011/12/21 11.43.02 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/12/17 14.49.27 | 000,001,844 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_14.49.08_log.txt
[2011/12/17 14.54.56 | 000,049,624 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_14.53.18_log.txt
[2011/12/17 18.17.10 | 000,049,094 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_18.15.39_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/12/17 17.17.02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/04/24 08.50.14 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1006S.DLL
[2009/06/09 01.43.12 | 000,316,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp092.dll
[2011/12/07 18.22.08 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/12/17 17.31.32 | 000,286,720 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/12/17 16.22.58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2011/12/17 17.31.32 | 015,204,352 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/12/17 17.31.32 | 004,718,592 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >
[2009/09/11 16.43.48 | 000,000,000 | ---D | M] -- C:\Programmi\Millewin\bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/11 16.17.13 | 000,000,123 | -HS- | M] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/09/11 16.17.12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Mostra Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/12/17 13.06.58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\28yeg7yn.exe
[2011/12/17 17.57.39 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\avira_free_antivirus_en.exe
[2011/12/20 14.47.36 | 004,345,848 | R--- | M] (Swearware) -- C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
[2011/09/08 14.24.25 | 023,430,427 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\milleallfarma.exe
[2010/12/15 15.46.30 | 000,151,699 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\MilleFixCategorie.exe
[2011/02/27 18.10.57 | 029,340,018 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\motherboard_driver_audio_microsoft_bus.exe
[2011/12/17 18.11.24 | 234,341,816 | ---- | M] () -- C:\Documents and Settings\Proprietario\Desktop\OJ4500vG510n-z_Full_13_en.exe
[2011/12/21 16.50.33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Proprietario\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/12/21 16.49.46 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Proprietario\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/13 18.14.24 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[3 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 21/12/11 16.51.55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Proprietario\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yy

1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,60% Memory free
3,60 Gb Paging File | 2,39 Gb Available in Paging File | 66,41% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 68,36 Gb Total Space | 56,71 Gb Free Space | 82,96% Space Free | Partition Type: NTFS
Drive E: | 80,69 Gb Total Space | 66,93 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
Drive F: | 68,36 Gb Total Space | 60,92 Gb Free Space | 89,12% Space Free | Partition Type: NTFS
Drive G: | 80,69 Gb Total Space | 79,47 Gb Free Space | 98,49% Space Free | Partition Type: NTFS

Computer Name: USERXP-9E715B09 | User Name: Proprietario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1935655697-1993962763-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programmi\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3207D1B0-80E5-11D2-B95D-006097C4DE24}" = Microsoft Component Category Manager Library
"{3207D1B9-80E5-11D2-B95D-006097C4DE24}" = Windows Common Controls ActiveX Control DLL
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{43A650AA-D1DC-4C52-8819-D7848B3A08DA}" = OpenOffice.org 3.1
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{48DBA0A2-C4F4-4965-A43B-35F4EA28F53E}" = SOAP SDK Files
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{576D64B0-7413-11D2-B954-006097C4DE24}" = CMDialog ActiveX Control DLL
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7EBEDD29-AA66-11D2-B980-006097C4DE24}" = Microsoft Internet Transfer Control DLL
"{7EBEDD2C-AA66-11D2-B980-006097C4DE24}" = MSMAPI Controls
"{7EBEDD3D-AA66-11D2-B980-006097C4DE24}" = Microsoft Standard Data Formating Object DLL
"{7EBEDD46-AA66-11D2-B980-006097C4DE24}" = TABCTL32 OLE Control DLL
"{7F628837-063A-4391-8B6E-9D9E21A7CE2D}" = USB Remote NDIS Network Device
"{8BB4B550-AA69-11D2-B980-006097C4DE24}" = Microsoft Winsock Control DLL
"{8C0C59A0-7DC8-11D2-B95D-006097C4DE24}" = Microsoft OLE 2.40 for Windows NT(TM) and Windows 95(TM) Operating Systems
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9FA5FA94-DD4E-4DEE-A6B4-A24550643C54}" = SOAP SDK ISAPI Files
"{AC76BA86-7AD7-1040-7B44-A92000000001}" = Adobe Reader 9.2 - Italiano
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{D4A3A9E0-AA55-11D2-B97F-006097C4DE24}" = Microsoft Common Controls 2 ActiveX Control DLL
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDrive_is1" = IDrive version 3.3.0 August 31, 2009
"InstallShield_{7F628837-063A-4391-8B6E-9D9E21A7CE2D}" = USB Remote NDIS Network Device
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MilleGPG" = MilleGPG 1.3.0330
"Millewin" = Millewin vers. 13.38
"Mozilla Firefox 8.0.1 (x86 it)" = Mozilla Firefox 8.0.1 (x86 it)
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR gestione archivi

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/12/11 6.48.12 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 6.48.14 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 6.48.18 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 6.48.22 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 6.48.24 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 6.48.26 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 6.48.28 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 6.48.30 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 6.48.31 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 21/12/11 11.53.54 | Computer Name = USERXP-9E715B09 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

[ System Events ]
Error - 21/12/11 11.59.05 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.07 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.07 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.07 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.09 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.09 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.09 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.11 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.11 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding

Error - 21/12/11 11.59.11 | Computer Name = USERXP-9E715B09 | Source = DCOM | ID = 10000
Description = Impossibile avviare un server DCOM: {75EEA4E1-20A8-4B7A-950F-AF625CEE8277}.
L'errore
"%2" è avvenuto durante l'esecuzione del comando "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE"
-Embedding


< End of report >
 
OTL log is clean as well.

What are the current issues?

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
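The helper's step 2 above is about leftover Java runtimes: a normal Java update leaves the previous "Java(TM) 6 Update N" entries in place, which is why the uninstall list further up still shows Update 19 while Security Check later reports Update 30. The following is an added example, not code from this thread or from the OTL/JavaRa tools: it parses the "Uninstall List" section of an OTL log and reports which Java entries are older than the newest one installed (the set JavaRa's "Remove Older Versions" acts on), and which fall below a release number you pass in. The sample input is constructed in the OTL format shown above; the Update 19 line is copied from the log, the other product GUID is a placeholder.

```python
import re
from typing import Dict, List, Tuple

# Added example (not part of the forum thread or of the OTL/JavaRa tools):
# parses the "Uninstall List" section of an OTL log and reports Java
# runtimes that are older than the newest one present.

# Constructed sample in the OTL format shown in the thread. The Update 19
# entry and its GUID are copied from the log above; the Update 30 GUID is a
# placeholder, not a real product code.
SAMPLE_UNINSTALL_LIST = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{PLACEHOLDER-GUID-0001}" = Java(TM) 6 Update 30
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"""

# One uninstall entry per line: "key" = display name
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*?)\s*$')
# Display name used by Sun/Oracle JRE 6 installers, as seen in the log above
JAVA_RE = re.compile(r'^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)$')


def parse_uninstall_list(text: str) -> List[Tuple[str, str]]:
    """Return (registry key, display name) pairs from an OTL uninstall list.

    Lines that are not '"key" = name' (section headers, blank lines) are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_runtimes(entries: List[Tuple[str, str]]) -> List[Dict]:
    """Pick out 'Java(TM) <major> Update <n>' entries with a sortable version tuple."""
    found = []
    for key, name in entries:
        m = JAVA_RE.match(name)
        if m:
            found.append({
                "key": key,
                "name": name,
                "version": (int(m.group("major")), int(m.group("update"))),
            })
    return found


def older_java_runtimes(entries: List[Tuple[str, str]]) -> List[str]:
    """Names of Java runtimes that are not the newest one installed.

    Each of these is an extra, out-of-date JRE left behind by an update;
    an empty list means at most one JRE is present.
    """
    runtimes = java_runtimes(entries)
    if not runtimes:
        return []
    newest = max(r["version"] for r in runtimes)
    return [r["name"] for r in runtimes if r["version"] < newest]


def java_below(entries: List[Tuple[str, str]], minimum: Tuple[int, int]) -> List[str]:
    """Names of Java runtimes older than `minimum`, e.g. (6, 30) for 6 Update 30.

    The current release number is an input you supply at check time;
    the log itself cannot tell you what the latest release is.
    """
    return [r["name"] for r in java_runtimes(entries) if r["version"] < minimum]


if __name__ == "__main__":
    entries = parse_uninstall_list(SAMPLE_UNINSTALL_LIST)
    print("installed Java runtimes:", [r["name"] for r in java_runtimes(entries)])
    print("older runtimes to remove:", older_java_runtimes(entries))
    print("below 6 Update 30:", java_below(entries, (6, 30)))
```

Run it against a saved OTL log by reading the file into `parse_uninstall_list` instead of the constructed sample; the version comparison is on `(major, update)` tuples, so "6 Update 9" correctly sorts below "6 Update 19".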
 
The problem is that after everything, this window comes up every time.

It shows in the Task Manager as "hpqtra08.exe", and I don't know what it is or how to remove it... It seems to be something connected to the HP printer!!
 
Yes, it's the HP printer Digital Imaging Monitor.
For now you can disable it as a startup item.
It doesn't need to be a startup item.
Later you can try to reinstall your printer.

Proceed with other steps.
 
C:\Qoobox\Quarantine\C\Programmi\LP\21C2.zip.vir a variant of Win32/Kryptik.XGT trojan deleted - quarantined
 
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Avira Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 30
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 it..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 