start
CreateRestorePoint:
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-839522115-1788223648-1606980848-500] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "abou" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=3 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=9 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll No File
FF HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Firefox\Extensions: [Subscription@helper.com] - F:\Program Files\SM\FF
U3 ag17dxv9; F:\WINDOWS\system32\Drivers\ag17dxv9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S2 DritekPortIO; \??\D:\fn-esse.temp\DPortIO.sys [X]
S4 IntelIde; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; No ImagePath
NETSVC: # -> No Registry Path.
2015-05-01 17:22 - 2015-05-01 17:42 - 00000000 ____D () F:\Program Files\ophcrack
2015-05-01 17:22 - 2015-05-01 17:41 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\ophcrack
2015-04-09 12:58 - 2015-04-09 12:58 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2015-05-04 23:33 - 2014-07-21 19:15 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-04-26 16:47 - 2014-07-04 19:06 - 00000000 ____D () F:\Program Files\eMule
2015-04-09 12:58 - 2014-07-04 19:03 - 00000000 ____D () F:\Program Files\Spybot - Search & Destroy
F:\Documents and Settings\not Utente Toshiba bye bye\TempWmicBatchFile.bat
AlternateDataStreams: F:\.DS_Store:AFP_AfpInfo
AlternateDataStreams: F:\Documents and Settings\All Users\Application Data\TEMP:24C8262A
AlternateDataStreams: F:\Documents and Settings\not Utente Toshiba bye bye\Application Data\TEMP:24C8262A
StandardProfile\AuthorizedApplications: [F:\Program Files\eMule\emule.exe] => Enabled:eMule
StandardProfile\AuthorizedApplications: [F:\DOCUME~1\cs01\LOCALS~1\Temp\svchost.exe] => Enabled:736201524A4FAB70
StandardProfile\AuthorizedApplications: [F:\Program Files\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
StandardProfile\GloballyOpenPorts: [4662:TCP] => Enabled:emule 1
StandardProfile\GloballyOpenPorts: [4672:UDP] => Enabled:emule 0
F:\Program Files\SM\
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
EmptyTemp:
CMD: bitsadmin /reset /allusers
Reboot:
end