This is my first post, so forgive me for any mistakes.
I have a Lenovo T60 laptop with Windows XP Pro SP3 and Symantec Endpoint Protection.
A few days ago, I found that Automatic Updates is running SVCHOST at 100% CPU. Also, trying to get updates from MS sites through the Windows Update site results in a green bar going up and down forever. No other symptoms; I can download updates for SEP and all security tools.
I am not sure that I have an infection; anyway, none of the fixes suggested on Microsoft Community had any result; someone said it could be a malware infection.
So, I ran Microsoft Offline Scanner (boot from CD): nothing found; Avira Rescue (boot from CD): nothing found; Conficker removal tool from Symantec and F-Secure: no Conficker; TDSS Killer from Kaspersky: nothing found. And yes, I ran HijackThis, all is OK.
Here is my OTL log:
OTL logfile created on: 03/09/2013 16.32.01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user 1\Documenti\Utilities\Varie
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
2,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 77,37% Memory free
4,32 Gb Paging File | 3,87 Gb Available in Paging File | 89,49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 55,89 Gb Total Space | 21,01 Gb Free Space | 37,59% Space Free | Partition Type: NTFS
Computer Name: LENOVO-T60 | User Name: user 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/09/03 16.25.25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user 1\Documenti\Utilities\Varie\OTL.exe
PRC - [2013/08/18 08.27.52 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Programmi\Java\jre7\bin\jqs.exe
PRC - [2011/05/03 14.01.10 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Programmi\File comuni\Symantec Shared\ccApp.exe
PRC - [2011/05/03 14.01.10 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
PRC - [2011/05/03 14.01.08 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/05/03 14.01.08 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/05/03 14.01.08 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/05 02.29.00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Programmi\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 02.29.00 | 000,053,248 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/09/17 18.54.24 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/09/17 18.51.38 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/09/17 18.51.06 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/09/17 18.46.16 | 000,237,568 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/09/17 18.46.06 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/07/27 18.05.00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/04/26 14.46.32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/07 15.37.22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/01 15.50.44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/11/24 14.51.18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/04/13 20.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 18.34.46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/08/16 19.07.00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/07/15 07.13.22 | 000,360,533 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2006/07/14 16.52.48 | 000,045,056 | ---- | M] () -- C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/07/04 04.05.00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2006/06/29 22.57.50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2006/03/13 17.38.56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006/02/14 07.17.28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/02 06.20.00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
========== Modules (No Company Name) ==========
MOD - [2013/07/12 18.10.56 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fce142e7009d7cd587b5d8fbc20f5448\UIAutomationProvider.ni.dll
MOD - [2013/07/12 18.10.27 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll
MOD - [2013/07/12 18.09.43 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll
MOD - [2013/07/12 18.09.08 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\98081ec306b59320c26f94983fec7a89\PresentationCore.ni.dll
MOD - [2013/07/12 18.08.32 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\37136d6a9a5a7c5d7816d7e0ef3c4d45\WindowsBase.ni.dll
MOD - [2013/07/12 18.08.01 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll
MOD - [2013/07/12 18.07.20 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/07/12 17.58.54 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2011/04/30 12.57.37 | 000,034,816 | ---- | M] () -- C:\Programmi\Google\Google Desktop Search\gzlib.dll
MOD - [2010/11/05 02.29.00 | 000,081,920 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\IT-IT\PWMUIAux.resources.dll
MOD - [2010/11/05 02.29.00 | 000,060,416 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\IT\PWRMGRRO.DLL
MOD - [2010/11/05 02.29.00 | 000,053,248 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 02.29.00 | 000,042,496 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\IT\PWRMGRRT.DLL
MOD - [2010/09/17 19.24.00 | 000,046,592 | ---- | M] () -- C:\Programmi\ThinkPad\ConnectUtilities\Res\IT\GUIHlprRes.dll
MOD - [2010/09/17 19.23.50 | 000,229,376 | ---- | M] () -- C:\Programmi\ThinkPad\ConnectUtilities\Res\IT\IconRes.dll
MOD - [2010/09/17 19.23.28 | 000,077,824 | ---- | M] () -- C:\Programmi\ThinkPad\ConnectUtilities\Res\IT\SvcHlprRes.dll
MOD - [2006/07/14 16.52.48 | 000,045,056 | ---- | M] () -- C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006/07/04 18.11.00 | 000,057,344 | ---- | M] () -- C:\Programmi\ThinkVantage\PrdCtr\IT\LPRESMGR.DLL
MOD - [2006/06/29 22.57.50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2006/02/23 19.22.00 | 000,057,344 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\IT\EZMAPRES.DLL
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/08/18 08.27.52 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/05/03 14.01.10 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/05/03 14.01.10 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/05/03 14.01.10 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/05/03 14.01.08 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/05/03 14.01.08 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/11/05 02.29.00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programmi\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 02.29.00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/09/17 18.46.16 | 000,237,568 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 18.46.06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/09/07 16.05.51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programmi\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/04/07 15.37.22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programmi\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 13.02.16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programmi\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/06/12 11.55.48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- c:\Programmi\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/03/04 11.34.12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 18.34.46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/16 19.07.00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/07/15 07.13.22 | 000,360,533 | ---- | M] (Atheros) [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2006/07/14 16.52.48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/06/29 22.57.50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2006/05/31 15.43.04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/10/25 10.34.24 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/10/22 04.24.18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Installshield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/30 18.20.50 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/08/29 10.00.00 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\VirusDefs\20130830.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/29 10.00.00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/29 10.00.00 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/29 10.00.00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\VirusDefs\20130830.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/27 23.52.20 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/05/03 14.01.14 | 000,043,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011/05/03 14.01.10 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/05/03 14.01.10 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/05/03 14.01.10 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/05/03 14.01.10 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2011/05/03 14.01.10 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/12/22 10.42.37 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/11/11 03.36.18 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/11/11 03.36.18 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/11/11 03.36.18 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/11/11 03.36.16 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/11/05 02.29.00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2010/11/05 02.29.00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/06/16 14.44.38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 14.44.38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/06/02 15.49.20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 15.49.20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 15.49.18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/05/12 21.22.04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/12 19.04.02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2006/08/16 19.07.00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/02 18.54.00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/02 18.54.00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/07/13 06.43.16 | 000,508,672 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/07/08 15.34.50 | 000,054,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/05/31 15.22.26 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/31 15.17.36 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/03/13 17.05.54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programmi\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006/02/02 06.20.00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 06.20.00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 06.20.00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 06.20.00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 06.20.00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 06.20.00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 06.20.00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 13.02.50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13.02.10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/09/28 18.07.02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2001/08/30 23.06.50 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.70.2.29:3128
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BFDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3%7D:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.google.it...-8&oe=utf-8&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.8\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2013/08/22 22.22.52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.8\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2013/08/22 22.22.41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.12\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2013/02/03 10.38.33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.12\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins
[2013/06/25 18.04.44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Extensions
[2013/08/25 11.19.56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Firefox\Profiles\atcduk7q.default\extensions
[2011/03/04 18.05.56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Firefox\Profiles\atcduk7q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/21 15.49.50 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Firefox\Profiles\atcduk7q.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2013/08/25 11.19.55 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Firefox\Profiles\atcduk7q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/22 22.22.35 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2013/08/22 22.22.52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2013/01/24 21.09.36 | 007,174,192 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\agcore.dll
[2013/01/24 21.09.36 | 003,526,704 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\coreclr.dll
[2013/01/24 21.09.36 | 000,245,344 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\Microsoft.VisualBasic.dll
[2013/01/24 21.09.36 | 001,690,672 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\mscorlib.dll
[2013/01/24 21.09.36 | 000,009,776 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\mscorrc.dll
[2013/01/24 21.09.36 | 001,210,416 | ---- | M] ( Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\npctrl.dll
[2013/01/24 21.09.36 | 000,800,304 | ---- | M] ( Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\npctrlui.dll
[2013/01/08 02.06.20 | 004,012,648 | ---- | M] () -- C:\Programmi\mozilla firefox\plugins\nppdf.dll
[2013/01/24 21.09.36 | 000,557,640 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Core.dll
[2013/01/24 21.09.36 | 000,239,168 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\system.dll
[2013/01/24 21.09.36 | 000,227,896 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Net.dll
[2013/01/24 21.09.36 | 000,434,264 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Runtime.Serialization.dll
[2013/01/24 21.09.36 | 000,517,720 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.ServiceModel.dll
[2013/01/24 21.09.36 | 000,071,760 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.ServiceModel.Web.dll
[2013/01/24 21.09.36 | 000,129,616 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Windows.Browser.dll
[2013/01/24 21.09.36 | 001,927,248 | ---- | M] ( Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Windows.dll
[2013/01/24 21.09.36 | 000,030,296 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Windows.RuntimeHost.dll
[2013/01/24 21.09.36 | 000,320,056 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Xml.dll
[2013/05/10 01.49.12 | 000,001,606 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2013/05/10 01.49.12 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2013/05/10 01.49.12 | 000,000,957 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2013/05/10 01.49.12 | 000,001,030 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2013/05/10 01.49.12 | 000,001,395 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2013/05/10 01.49.12 | 000,001,166 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml
O1 HOSTS File: ([2004/08/19 23.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Programmi\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Programmi\File comuni\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programmi\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programmi\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programmi\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\AutorunsDisabled [2011/01/12 00.01.31 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Cerca con Google - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Traduci parola in italiano - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Link a ritroso - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Pagine simili - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Versione cache della pagina - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Intranet locale)
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet locale)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6972728-43DE-4937-9FD4-98AF1C86D061}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programmi\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programmi\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Programmi\Lenovo\AwayTask\AwayNotify.dll) - C:\Programmi\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/27 21.00.02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/02 20.48.31 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/08/30 18.16.02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/29 12.25.29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/08/28 19.05.13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution OLD
[2013/08/22 22.22.34 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[2013/08/22 20.51.34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user 1\Dati applicazioni\ElevatedDiagnostics
[2013/08/22 20.50.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/08/21 05.22.36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2013/08/18 08.27.43 | 000,000,000 | ---D | C] -- C:\Programmi\Java
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/09/02 21.39.09 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013/09/02 21.38.34 | 000,009,962 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013/09/02 21.37.49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/02 21.37.42 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 09.33.47 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\user 1\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/01 08.23.15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/30 18.20.50 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/08/30 18.20.50 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2013/08/30 18.20.50 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/08/30 18.20.50 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/08/29 15.28.32 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/08/29 23.10.09 | 3211,186,176 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/12 18.57.12 | 000,635,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
[2013/04/08 20.44.43 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\user 1\Impostazioni locali\Dati applicazioni\recently-used.xbel
[2012/02/17 08.34.36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/22 11.45.01 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\user 1\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 15.16.20 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\user 1\Impostazioni locali\Dati applicazioni\fusioncache.dat
========== ZeroAccess Check ==========
[2006/01/27 21.11.17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/05/29 09.41.31 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/12/22 10.42.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Lenovo
[2012/12/19 16.22.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Avaya
[2010/12/22 10.42.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Downloaded Installations
[2013/08/22 20.51.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\ElevatedDiagnostics
[2011/02/03 17.14.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\InterVideo
[2013/03/10 15.23.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Leadertech
[2011/01/14 14.49.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Lenovo
[2012/06/30 11.42.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Oracle
[2010/12/25 19.28.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Scooter Software
[2010/12/21 15.58.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Softland
[2010/12/21 15.09.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\ThinkVantage
[2013/02/03 10.38.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Thunderbird
========== Purity Check ==========
< End of report >
Do you have any other suggestions?
Thanks,
Enrico
Edited by Enrico_57, 03 September 2013 - 08:46 AM.