Rootkit - tough to remove



#16
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
I posted while you were posting so see my previous post.
  • 0



#17
ferrux

    Member

  • Topic Starter
  • Member
  • 25 posts
Hi
here is the new MBR after POST #15
Norton still screams :-/

---

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D2000 \WINDOWS\system32\hal.dll
0xF7A10000 \WINDOWS\system32\KDCOM.DLL
0xF7920000 \WINDOWS\system32\BOOTVID.dll
0xF73E1000 ACPI.sys
0xF7A12000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73D0000 pci.sys
0xF7510000 isapnp.sys
0xF7520000 ohci1394.sys
0xF7530000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7AD8000 pciide.sys
0xF7790000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A14000 viaide.sys
0xF7A16000 intelide.sys
0xF7540000 MountMgr.sys
0xF73B1000 ftdisk.sys
0xF7798000 PartMgr.sys
0xF7550000 VolSnap.sys
0xF7399000 atapi.sys
0xF7560000 disk.sys
0xF7570000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7379000 fltmgr.sys
0xF7322000 SYMDS.SYS
0xF7267000 SYMEFA.SYS
0xF7580000 PxHelp20.sys
0xF7250000 KSecDD.sys
0xF71C3000 Ntfs.sys
0xF7196000 NDIS.sys
0xF717C000 Mup.sys
0xF75F0000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF65F4000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF65E0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7868000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF65BC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7870000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7878000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF6313000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0xF62F0000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79EC000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xF61E4000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7880000 \SystemRoot\System32\Drivers\Modem.SYS
0xF61D1000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF7610000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF5F9B000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF5F79000 \SystemRoot\system32\drivers\portcls.sys
0xF7620000 \SystemRoot\system32\drivers\drmk.sys
0xF5F65000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7630000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7888000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7890000 \SystemRoot\system32\DRIVERS\PS2.sys
0xF7898000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7BA8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7640000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79F8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5F4E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7650000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7660000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5F3D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7670000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78B0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7680000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A42000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5EDF000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A08000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7690000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A44000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76E0000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF7A46000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B21000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A48000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78C8000 \SystemRoot\System32\drivers\vga.sys
0xF7A4A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A4C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78D0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78D8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7134000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3E11000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3DB8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3D5F000 \SystemRoot\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
0xF3D39000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF3D13000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF76F0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7700000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF78E0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF78E8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF79B4000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF78F0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF3CB8000 \??\C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111226.001\IDSxpx86.sys
0xF3C90000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3C6E000 \SystemRoot\System32\drivers\afd.sys
0xF7710000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF78F8000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xF3C4A000 \SystemRoot\system32\drivers\N360\0501000.01D\Ironx86.SYS
0xF7730000 \SystemRoot\system32\drivers\N360\0501000.01D\SRTSPX.SYS
0xF3C28000 \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS
0xF7900000 \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
0xF3B5D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3AED000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7760000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3A8F000 \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys
0xF3A71000 \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF39A5000 \??\C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
0xF3959000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF3941000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A58000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5EA0000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77C8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B58000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04E000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2E6000 \SystemRoot\System32\ativvaxx.dll
0xBF37A000 \SystemRoot\System32\ATMFD.DLL
0xB87F0000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB84A3000 \SystemRoot\system32\drivers\wdmaud.sys
0xF75D0000 \SystemRoot\system32\drivers\sysaudio.sys
0xB821E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB80D6000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7735000 \SystemRoot\System32\Drivers\HTTP.sys
0xB7687000 \SystemRoot\System32\Drivers\N360\0501000.01D\SRTSP.SYS
0xB74B7000 \??\C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111227.032\NAVEX15.SYS
0xB74A3000 \??\C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111227.032\NAVENG.SYS
0xB7721000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0xB77A6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7400000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
460 C:\WINDOWS\system32\smss.exe
536 csrss.exe
564 C:\WINDOWS\system32\winlogon.exe
608 C:\WINDOWS\system32\services.exe
620 C:\WINDOWS\system32\lsass.exe
780 C:\WINDOWS\system32\ati2evxx.exe
796 C:\WINDOWS\system32\svchost.exe
876 svchost.exe
968 C:\WINDOWS\system32\svchost.exe
1008 svchost.exe
1144 svchost.exe
1208 C:\WINDOWS\system32\spoolsv.exe
1384 C:\WINDOWS\system32\ati2evxx.exe
1536 C:\WINDOWS\explorer.exe
1660 svchost.exe
1696 C:\Programmi\SUPERAntiSpyware\SASCore.exe
1748 C:\Programmi\Java\jre6\bin\jqs.exe
1868 C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
2012 C:\Programmi\Norton 360\Engine\5.1.0.29\ccsvchst.exe
132 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
184 C:\Programmi\Secunia\PSI\psia.exe
360 C:\WINDOWS\system\hpsysdrv.exe
368 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
380 C:\hp\KBD\kbd.exe
404 C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
300 C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
452 C:\WINDOWS\ALCXMNTR.EXE
512 C:\WINDOWS\system32\ctfmon.exe
1064 C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
1584 C:\Programmi\Secunia\PSI\psi_tray.exe
1768 C:\WINDOWS\system32\svchost.exe
2192 C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
2284 C:\WINDOWS\system32\wuauclt.exe
2444 wmiprvse.exe
2472 C:\Programmi\Norton 360\Engine\5.1.0.29\ccsvchst.exe
3012 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3168 wmiprvse.exe
3656 C:\Programmi\Mozilla Firefox\firefox.exe
3712 C:\Programmi\Secunia\PSI\psi.exe
3796 alg.exe
324 C:\Programmi\Secunia\PSI\sua.exe
1808 C:\Documents and Settings\HP_Proprietario\Desktop\VIRUS\PROGRAMMI\MBRCheck.exe
2328 C:\Programmi\Mozilla Firefox\plugin-container.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`7fe80000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3200826AS, Rev: 3.03

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972


Done!
  • 0

#18
ferrux

    Member

  • Topic Starter
  • Member
  • 25 posts
Hi
reading your previous post
'to reboot in Windows XP Recovery Console cd'

I don't have a Windows XP CD; the PC has XP pre-installed. I entered the normal HD boot option 'Enter Windows XP Recovery Console',
not from CD. Is it the same?

However I did the three commands:
fixmbr...
fixboot
exit

Is the virus still alive in the boot ?

Thanks

Edited by ferrux, 28 December 2011 - 11:21 AM.

  • 0

#19
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Let's see if it is still there. Run aswMBR again and post the log.
  • 0

#20
ferrux

    Member

  • Topic Starter
  • Member
  • 25 posts
here is the new log, Norton still alerts.
Thank you.

---
aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 18:25:43
-----------------------------
18:25:43.921 OS Version: Windows 5.1.2600 Service Pack 3
18:25:43.921 Number of processors: 1 586 0x2F02
18:25:43.921 ComputerName: NOME-80B5784770 UserName: HP_Proprietario
18:25:45.859 Initialize success
18:26:03.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:26:03.843 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
18:26:05.890 Disk 0 MBR read successfully
18:26:05.890 Disk 0 MBR scan
18:26:05.890 Disk 0 unknown MBR code
18:26:05.937 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6142 MB offset 63
18:26:05.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 184629 MB offset 12579840
18:26:06.000 Disk 0 scanning sectors +390700800
18:26:06.109 Disk 0 scanning C:\WINDOWS\system32\drivers
18:26:27.515 Service scanning
18:26:28.765 Modules scanning
18:26:46.093 Scan finished successfully
18:26:54.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\MBR.dat"
18:26:54.406 The log file has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\aswMBR.txt"

Edited by ferrux, 28 December 2011 - 12:46 PM.

  • 0

#21
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Rename the file MBR.dat on your desktop to ferruxmbr.txt (It is not a text file but we have to fool the forum software) Then attach it to your next post. Do not copy and paste.

Run OTL, Quickscan and post the log.

Ron
  • 0

#22
ferrux

    Member

  • Topic Starter
  • Member
  • 25 posts
here we go, the OTL will follow, I am generating it now...

here are the MBR log and dat (renamed)
Bye

---

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 20:22:37
-----------------------------
20:22:37.062 OS Version: Windows 5.1.2600 Service Pack 3
20:22:37.062 Number of processors: 1 586 0x2F02
20:22:37.062 ComputerName: NOME-80B5784770 UserName: HP_Proprietario
20:22:38.562 Initialize success
20:22:56.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:22:56.781 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
20:22:58.921 Disk 0 MBR read successfully
20:22:58.921 Disk 0 MBR scan
20:22:58.921 Disk 0 unknown MBR code
20:22:58.953 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6142 MB offset 63
20:22:59.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 184629 MB offset 12579840
20:22:59.046 Disk 0 scanning sectors +390700800
20:22:59.171 Disk 0 scanning C:\WINDOWS\system32\drivers
20:23:39.328 Service scanning
20:23:50.250 Modules scanning
20:24:33.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\4 ron\MBR.dat"
20:24:48.468 Scan finished successfully
20:24:54.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\4 ron\MBR.dat"
20:24:54.812 The log file has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\4 ron\aswMBR.txt"
20:25:14.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\4 ron\MBR.dat"
20:25:14.015 The log file has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\4 ron\aswMBR.txt"

Attached Files


  • 0

#23
ferrux

    Member

  • Topic Starter
  • Member
  • 25 posts
here is the OTL
---
OTL logfile created on: 28/12/2011 20.27.47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Proprietario\Desktop\VIRUS\PROGRAMMI
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 309,20 Mb Available Physical Memory | 30,24% Memory free
2,40 Gb Paging File | 1,52 Gb Available in Paging File | 63,15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 180,30 Gb Total Space | 90,61 Gb Free Space | 50,26% Space Free | Partition Type: NTFS
Drive D: | 5,99 Gb Total Space | 2,35 Gb Free Space | 39,17% Space Free | Partition Type: FAT32

Computer Name: NOME-80B5784770 | User Name: HP_Proprietario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 15.26.57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2011/12/25 00.37.54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Proprietario\Desktop\VIRUS\PROGRAMMI\OTL.exe
PRC - [2011/12/24 17.50.18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/14 07.01.48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programmi\Secunia\PSI\sua.exe
PRC - [2011/08/12 00.38.07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programmi\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/17 01.45.11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programmi\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/01/19 14.24.08 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/04/14 03.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/26 15.26.57 | 002,124,760 | ---- | M] () -- C:\Programmi\Mozilla Firefox\mozjs.dll
MOD - [2011/12/05 21.06.32 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/12 17.23.40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/12 17.23.30 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/12 17.16.48 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011/10/12 17.16.43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 04.33.28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 04.30.12 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 04.29.57 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2004/09/08 13.45.58 | 000,368,128 | ---- | M] () -- C:\Programmi\Filzip\fzshext.dll
MOD - [2002/04/11 04.19.46 | 000,081,920 | ---- | M] () -- C:\Programmi\HP\HP Share-to-Web\hpgs2wdh.dll
MOD - [2002/04/11 04.19.42 | 000,024,576 | ---- | M] () -- C:\Programmi\HP\HP Share-to-Web\hpgs2wnfps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirScheduler)
SRV - [2011/12/24 17.50.18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/14 07.01.50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programmi\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 07.01.48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programmi\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/12 00.38.07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programmi\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/17 01.45.11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Programmi\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/01/19 14.24.08 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2005/04/04 00.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/12/17 18.31.53 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111228.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/17 18.31.53 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/17 18.31.53 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/17 18.31.53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111228.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/17 16.56.10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/16 16.20.22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111226.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/10 15.24.06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/10 02.24.18 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/22 17.27.02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22.55.22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/31 04.00.09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 04.00.09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/22 01.39.49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/15 03.31.23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 07.47.10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/06 20.06.29 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/11/16 02.45.33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/01 09.30.58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/09/17 08.44.29 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/18 12.06.56 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/08/18 12.06.56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/08/18 12.06.56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/08/18 12.06.56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/08/18 12.06.56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/08/18 12.06.56 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/04/13 19.46.22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/07/03 15.58.20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15.57.24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15.54.24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/11/10 14.05.00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/07/20 19.46.18 | 002,786,176 | -H-- | M] (ASUSTek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/07/04 08.30.34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 21.16.26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/05/27 14.13.12 | 000,128,295 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2005/05/27 14.13.12 | 000,011,001 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2005/05/27 14.13.12 | 000,007,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/04/20 19.00.56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/15 03.14.00 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 22.53.00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 19.10.26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/05 17.41.52 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2004/10/05 17.41.52 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/19 22.31.46 | 000,607,292 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/04 05.31.34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 93 C1 1B 62 C2 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.it...r?tab=mc&pli=1"
FF - prefs.js..network.proxy.backup.ftp: "192.104.67.250"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "192.104.67.250"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "192.104.67.250"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.104.67.250"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "12.180.54.219"
FF - prefs.js..network.proxy.ftp_port: 1080
FF - prefs.js..network.proxy.gopher: "12.180.54.219"
FF - prefs.js..network.proxy.gopher_port: 1080
FF - prefs.js..network.proxy.http: "12.180.54.219"
FF - prefs.js..network.proxy.http_port: 1080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "12.180.54.219"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "12.180.54.219"
FF - prefs.js..network.proxy.ssl_port: 1080


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programmi\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Programmi\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Programmi\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Programmi\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/12/18 19.45.06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/28 18.38.02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/12/26 15.26.58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/09/18 09.39.16 | 000,000,000 | ---D | M]

[2008/08/27 18.34.04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Extensions
[2011/05/29 21.12.13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\zz1604ly.default\extensions
[2009/09/02 20.05.06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\zz1604ly.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/22 21.26.22 | 000,000,000 | ---D | M] ("Romanian Dictionary") -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\zz1604ly.default\extensions\[email protected]
[2011/12/28 20.25.49 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/12/28 20.25.49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/26 15.26.58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/12/28 20.25.30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2008/10/11 19.32.46 | 000,155,648 | ---- | M] (PopCap Games) -- C:\Programmi\mozilla firefox\plugins\nppopcaploader.dll
[2011/12/26 15.26.58 | 000,001,393 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2011/10/01 19.22.16 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2011/10/01 19.22.16 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/10/01 19.22.16 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/10/01 19.22.16 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/10/01 19.22.16 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========


O1 HOSTS File: ([2011/12/28 16.27.21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2E6F36CE-1217-4BA1-982F-24560C0EB677} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.216.112.112 212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E0F218E-C1AC-4DBC-81F9-003B5B644B8C}: DhcpNameServer = 212.216.112.112 212.216.172.62
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/10 22.18.10 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07.07.38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 20.24.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Desktop\4 ron
[2011/12/28 16.35.56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/28 16.29.18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/28 14.56.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Secunia PSI
[2011/12/28 14.53.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\SUPERAntiSpyware.com
[2011/12/28 14.52.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/12/28 14.52.02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/28 14.52.01 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2011/12/28 14.50.55 | 000,000,000 | ---D | C] -- C:\Programmi\Secunia
[2011/12/28 14.50.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
[2011/12/28 14.50.38 | 000,000,000 | ---D | C] -- C:\Programmi\SUPERAntiSpyware
[2011/12/28 14.48.33 | 000,000,000 | ---D | C] -- C:\Programmi\VS Revo Group
[2011/12/28 14.41.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Desktop\VIRUS
[2011/12/26 18.13.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Avira
[2011/12/26 15.43.59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/26 15.43.59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/26 15.43.59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/26 15.43.59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/26 15.43.31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/26 15.41.37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 15.41.31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Proprietario\Menu Avvio\Programmi\Strumenti di amministrazione
[2011/12/22 04.47.55 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/12/17 18.00.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\NPE
[2011/12/17 16.56.04 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2011/12/17 16.56.04 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/12/17 16.56.04 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/12/17 16.56.04 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2011/12/17 16.56.04 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/12/17 16.56.04 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/12/17 16.56.04 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/12/17 16.56.04 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/12/17 16.55.40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/12/17 15.47.39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/17 15.47.39 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/17 15.46.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/12/17 15.46.01 | 000,000,000 | ---D | C] -- C:\Programmi\Windows Sidebar
[2011/12/17 15.46.01 | 000,000,000 | ---D | C] -- C:\Programmi\Norton 360
[2011/12/17 15.46.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Norton 360
[2011/12/17 15.44.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton
[2011/12/17 15.43.08 | 000,000,000 | ---D | C] -- C:\Programmi\NortonInstaller
[2011/12/17 15.43.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\NortonInstaller
[2011/12/09 18.01.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2011/12/04 09.07.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Microsoft Silverlight
[2011/12/03 19.25.18 | 000,000,000 | ---D | C] -- C:\Programmi\Microsoft CAPICOM 2.1.0.2
[2011/11/30 12.38.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Desktop\rubrica
[2011/11/28 22.37.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\SkyTeam TravelDesk
[2011/11/28 22.37.05 | 000,000,000 | ---D | C] -- C:\Programmi\SkyTeam TravelDesk
[2011/11/28 22.06.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Desktop\back up
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 20.39.01 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2011/12/28 20.27.15 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 18.51.54 | 000,000,305 | RHS- | M] () -- C:\boot.ini
[2011/12/28 18.39.56 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/12/28 18.39.11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 18.38.40 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 18.37.39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 18.37.31 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 18.32.18 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Collegamento a mbam.exe.lnk
[2011/12/28 16.27.21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/28 14.55.39 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Secunia PSI.lnk
[2011/12/28 14.51.48 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/26 18.13.56 | 000,757,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/26 15.31.28 | 000,235,520 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 04.47.54 | 069,206,016 | -HS- | M] () -- C:\NBRTPage.sys
[2011/12/17 16.56.10 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/17 16.56.10 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/17 16.56.10 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/17 16.56.10 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/17 15.42.13 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/17 08.17.07 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/17 07.57.24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/17 07.55.55 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/10 15.24.06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/09 21.52.43 | 000,441,023 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111210-153006.backup
[2011/12/07 06.57.39 | 984,525,414 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Lezioni.Di.Cioccolato.2.2011.iTALiAN.MD.CAM.XviD-MiO.avi
[2011/11/30 15.37.04 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\default.pls
[2011/11/30 15.37.04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 18.32.18 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Collegamento a mbam.exe.lnk
[2011/12/28 16.36.21 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Secunia PSI.lnk
[2011/12/28 16.31.30 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/28 14.55.37 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Secunia PSI.lnk
[2011/12/28 14.51.47 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/26 15.43.59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/26 15.43.59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/26 15.43.59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/26 15.43.59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/26 15.43.59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/22 04.47.54 | 069,206,016 | -HS- | C] () -- C:\NBRTPage.sys
[2011/12/17 18.05.59 | 000,757,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/17 16.56.04 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/12/17 16.56.04 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/12/17 16.56.04 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2011/12/17 16.56.04 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2011/12/17 16.56.04 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/12/17 16.56.04 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/12/17 16.56.04 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2011/12/17 16.56.04 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2011/12/17 16.56.04 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/12/17 16.56.04 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2011/12/17 16.56.04 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/12/17 16.56.04 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/12/17 16.56.04 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2011/12/17 16.55.42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2011/12/17 16.55.40 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/12/17 15.47.39 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/17 15.47.39 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/17 07.55.55 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/07 06.34.59 | 984,525,414 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Lezioni.Di.Cioccolato.2.2011.iTALiAN.MD.CAM.XviD-MiO.avi
[2011/12/03 09.38.24 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/01 15.57.45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 08.06.54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/01/10 23.28.36 | 000,154,248 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\DeviceManager.xml.rc4
[2009/09/17 08.45.20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\LauncherAccess.dt
[2009/09/17 08.32.14 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/10/12 16.34.26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/01/05 15.50.42 | 000,000,149 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2008/01/05 15.50.39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2008/01/05 15.14.22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/11/04 15.49.34 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/02/19 22.06.49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/12 20.57.57 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2006/12/31 19.19.08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/31 19.19.08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/24 08.41.39 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
[2006/11/15 22.01.37 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/11/15 22.01.35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/15 21.36.58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/18 09.16.50 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2006/01/07 12.23.16 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\QTSBandwidthCache
[2006/01/05 17.52.11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/02 16.56.30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2006/01/02 16.23.22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2006/01/01 10.09.13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/12/31 18.35.38 | 000,080,744 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2005/12/31 18.35.38 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2005/12/31 18.35.27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/12/31 16.57.55 | 000,235,520 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/31 16.07.07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/31 16.07.02 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/31 16.06.53 | 000,003,320 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/31 16.02.14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\wklnhst.dat
[2005/12/31 15.57.29 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2005/08/21 17.47.36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/02 14.50.50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/02 14.31.43 | 000,016,358 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/01/02 14.31.36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/01/02 14.24.22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/02 14.24.22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/02 14.24.22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/02 14.24.22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/02 14.24.22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/02 14.24.22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/02 14.22.35 | 000,000,352 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/01/02 14.17.52 | 000,113,137 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005/01/02 14.17.52 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/01/02 14.13.23 | 000,080,685 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005/01/02 14.13.23 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005/01/02 14.11.24 | 000,073,152 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/01/02 14.11.24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/01/02 14.10.27 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/02 14.07.41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/02 14.07.39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2005/01/02 14.06.31 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/01/02 14.05.33 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/01/02 13.56.38 | 000,000,825 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/01/02 13.52.38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/12/10 22.26.58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/10 22.24.02 | 000,491,460 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2004/12/10 22.24.02 | 000,443,352 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/10 22.24.02 | 000,085,428 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2004/12/10 22.24.02 | 000,072,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/10 22.22.02 | 000,175,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/10 22.17.44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/10 22.14.54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 19.00.00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 13.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 13.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2004/08/19 13.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 13.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 13.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 13.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2004/08/19 13.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 13.00.00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/19 13.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/25 23.42.04 | 000,000,523 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/05/03 15.25.32 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll
[2001/08/24 00.12.28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 00.11.02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 22.30.02 | 000,003,267 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2006/02/05 09.39.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\innovata
[2005/01/02 14.25.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo
[2008/10/11 19.33.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PopCap
[2011/03/05 19.43.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Vodafone

========== Purity Check ==========



< End of report >
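The OTL report above is the kind of output a helper triages by eye: orphaned registry references (`File not found`, `No CLSID value found`, `Reg Error: Key error`), the Winlogon Shell and UserInit values (a favourite persistence hook; both are still at their Windows XP defaults here), and Run-key entries whose file carries no company name in its version info (the empty `()` after `Recguard.exe`). As an added example, not part of this thread or of OTL itself, the Python helper below automates those three checks over OTL-style `O` lines. The sample lines are copied from the report above; the regexes and the section layout they expect are assumptions derived from that report, not taken from OTL's documentation.

```python
"""Triage helper for OTL-style "O" lines (added example; not part of the thread or of OTL)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the OTL report posted in this thread (abridged).
SAMPLE_LOG = r"""
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
"""

# Markers OTL prints when a registry value points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error: Key error")

# Windows XP defaults for the two Winlogon values most often hijacked for persistence
# (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon). The registry stores
# UserInit with a trailing comma; OTL drops it, and _norm() tolerates both forms.
XP_WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
}

# Assumed line layout, derived from the report above rather than from OTL's docs.
_LINE_RE = re.compile(r"^(O\d+)\s*-\s*(.*)$")
_WINLOGON_RE = re.compile(r"^HKLM Winlogon: (Shell|UserInit) - \((.*?)\) -")
_RUN_RE = re.compile(r"^HK(?:LM|CU)\.\.\\Run: \[(.+?)\] (.+?)(?: \(([^()]*)\))?$")


@dataclass(frozen=True)
class Finding:
    kind: str     # "orphan", "winlogon" or "no_company"
    section: str  # OTL section tag, e.g. "O20"
    detail: str   # the line as OTL printed it, minus the tag


def _norm(value: str) -> str:
    return value.strip().rstrip(",").lower()


def triage(log_text: str) -> list[Finding]:
    """Return the O-lines a reviewer should look at first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()

        # 1. Dangling references: harmless clutter, or the leftovers of a removed payload.
        if any(marker in rest for marker in ORPHAN_MARKERS):
            findings.append(Finding("orphan", section, rest))
            continue

        # 2. Winlogon Shell/UserInit must still be the stock binaries with nothing appended.
        if section == "O20":
            w = _WINLOGON_RE.match(rest)
            if w and _norm(w.group(2)) != XP_WINLOGON_DEFAULTS[w.group(1)]:
                findings.append(Finding("winlogon", section, rest))

        # 3. Run keys whose file has no CompanyName in its version info ("()" in OTL).
        elif section == "O4":
            r = _RUN_RE.match(rest)
            if r and not (r.group(3) or "").strip():
                findings.append(Finding("no_company", section, rest))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<10} {f.section:<4} {f.detail}")
```

Two caveats when reading its output. An empty company name is a lead, not a verdict: the parenthetical OTL prints is the file's version-info CompanyName, not an Authenticode check, and `Recguard.exe` under `C:\WINDOWS\SMINST` is HP's recovery-partition guard, which ships on these machines. And a clean Winlogon check only says the registry values are stock; a rootkit that hooks the filesystem or registry at kernel level can feed OTL the values it wants to see, which is why the helper in this thread keeps going back to MBRCheck and GMER rather than trusting the user-mode listing alone.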

#24 RKinner (Malware Expert, MVP)
If you run GMER again does it still see the infection?

Can you take a screen shot of the Norton Alert?

http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

#25 ferrux (Topic Starter)
Hi Ron,
I am on the train home now. Once again, thanks, your efforts are very much appreciated. I will be at the infected PC next Saturday, so please do not close this trouble ticket. I will do the GMER test. This bloody virus is quite resistant. Bye for now :-)
FERRUX



#26 RKinner (Malware Expert, MVP)
I never close a ticket but if the forum decides to close it just PM me and I will reopen it.

#27 ferrux (Topic Starter)
Thanks :-)

Now I'm curious, I am about to google 'Orcas Island'; it must be a nice place.

Cheers.
Ferrux

#28 RKinner (Malware Expert, MVP)
https://picasaweb.go...90/OrcasIsland#

#29 ferrux (Topic Starter)
Such a wonderful and relaxing place :-)
Once, many years ago, I went to Seattle on a vacation tour :-)

Regards,
Ferrux

#30 RKinner (Malware Expert, MVP)
Thanks. I love it here.

Where are you going to on the train? Somewhere in Italy I assume from your profile.