Welcome to Geeks to Go - Register now for FREE


[suspect Gozi2] Am I Infected? [Closed]

gozi gozi2

  • This topic is locked

#1
alexjohnp
New Member, 1 posts

Hello everybody,

Yesterday, while performing some LAN scan activities at work, an appliance signaled that a trojan (identified as Gozi2 by the appliance itself) was spreading from my PC. I didn't experience any particular symptoms, apart from this warning.

Since then, I autonomously tried to run several antirootkit tools in order to better get into the problem: some of them noticed suspected files/reg keys/etc., some others did not, and so there isn't any final evidence of malware.

Following your instructions, I attach the OTL.txt log file.

Could you please tell me anything more?

Thank you in advance.

PS: OTL also created an extras.txt file. Please tell me if you need it and I'll reply with its content.

--------------------------------------

OTL logfile created on: 12/09/2014 09:22:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\alessio\Desktop
 Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
3,37 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 50,30% Memory free
6,74 Gb Paging File | 4,40 Gb Available in Paging File | 65,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217,36 Gb Total Space | 88,80 Gb Free Space | 40,85% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 182,98 Gb Free Space | 39,29% Space Free | Partition Type: NTFS
 
Computer Name: ALESSIO-PC | User Name: alessio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/12 09:14:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alessio\Desktop\OTL.exe
PRC - [2014/09/02 21:16:37 | 000,275,568 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox 4\firefox.exe
PRC - [2014/09/02 14:12:05 | 000,427,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/08/27 15:00:48 | 000,164,656 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/08/27 15:00:42 | 000,160,048 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/08/27 12:59:49 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/08/27 12:59:30 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/08/27 12:59:30 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/07/25 12:08:44 | 000,257,744 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
PRC - [2014/07/25 12:08:42 | 000,243,920 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
PRC - [2014/07/25 12:08:42 | 000,070,864 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe
PRC - [2014/07/25 10:51:56 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2014/05/21 12:22:08 | 002,135,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2014/04/16 22:12:44 | 005,306,504 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2014/03/25 20:22:16 | 007,555,288 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cis.exe
PRC - [2014/03/25 20:22:16 | 001,864,408 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
PRC - [2014/03/25 20:22:16 | 001,225,944 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe
PRC - [2013/12/04 16:19:32 | 005,316,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/08/02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/30 15:44:38 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2013/05/21 23:18:57 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/15 05:45:50 | 000,338,728 | ---- | M] (Aventail Corporation) -- C:\Windows\System32\ngvpnmgr.exe
PRC - [2013/01/31 13:21:23 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/31 11:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 11:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/29 18:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2013/01/29 18:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012/11/14 14:45:30 | 000,526,208 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
PRC - [2012/11/14 14:45:28 | 007,220,608 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2012/11/14 14:45:28 | 004,067,200 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2012/11/14 14:45:28 | 001,640,320 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/16 11:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2012/10/08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/02/21 20:40:19 | 000,051,214 | ---- | M] () -- D:\cygwin\bin\cygrunsrv.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/10/07 17:12:50 | 000,411,150 | ---- | M] () -- D:\cygwin\usr\sbin\sshd.exe
PRC - [2011/02/02 18:34:54 | 000,353,800 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/08 14:12:06 | 000,049,152 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/02 21:16:37 | 003,715,184 | ---- | M] () -- D:\Program Files\Mozilla Firefox 4\mozjs.dll
MOD - [2014/08/27 15:00:40 | 000,139,056 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/08/04 14:20:34 | 000,052,472 | ---- | M] () -- C:\Users\alessio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/01/15 17:37:20 | 001,227,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\dc73a7fbfcc9db610c074d98ea631bdd\System.WorkflowServices.ni.dll
MOD - [2014/01/15 16:24:59 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5f439806d279ae08101d7874c798e5ec\System.ServiceModel.Routing.ni.dll
MOD - [2014/01/15 16:24:58 | 001,142,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3f1f30383f9e487eec8b74fc1d3e5576\System.ServiceModel.Discovery.ni.dll
MOD - [2014/01/15 16:24:56 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\75c45cfe9fcc38ebd79676c4e872a203\System.ServiceModel.Channels.ni.dll
MOD - [2014/01/15 16:24:38 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\654bc6e2eccddad140b66c28c312dc95\System.ServiceModel.Activities.ni.dll
MOD - [2014/01/15 16:24:33 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c62769bad8f57b1071071d80fdc5f0cf\System.IdentityModel.ni.dll
MOD - [2014/01/15 16:24:31 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\da2aba8446e56504cc2f6ee5dc357384\System.ServiceModel.ni.dll
MOD - [2014/01/15 16:24:06 | 001,089,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1f02616816b9aaf29d2d93b7a0fdfc9d\System.ServiceModel.Web.ni.dll
MOD - [2014/01/15 16:07:56 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\21482b114917a59206b0620314337000\WindowsFormsIntegration.ni.dll
MOD - [2014/01/15 16:04:41 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\1e2d8f94ba04e5262f8814ce22af6bdb\System.Runtime.DurableInstancing.ni.dll
MOD - [2014/01/15 16:04:40 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\12d171dd78ad02e8561a46bf266c5394\SMDiagnostics.ni.dll
MOD - [2014/01/15 16:04:39 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fc36679c453643647e96c591827c88ee\System.Runtime.Serialization.ni.dll
MOD - [2014/01/15 16:04:34 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\581de19374a972d0d8ec2f894d8b8232\System.ServiceProcess.ni.dll
MOD - [2014/01/15 16:04:22 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll
MOD - [2014/01/15 16:04:18 | 012,177,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\f1e175012aeab7bdd6fa0e51fd97c590\System.Web.ni.dll
MOD - [2014/01/15 16:04:00 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9f37a2a23772a8e9dcbef5c6b6ebe0ad\System.Transactions.ni.dll
MOD - [2014/01/15 12:56:04 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll
MOD - [2014/01/15 12:56:01 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\01b13b4f315138d1a766091e55affd58\System.Data.ni.dll
MOD - [2014/01/15 12:55:48 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2a21510532f520930dba2d111b4ebb5\PresentationFramework.ni.dll
MOD - [2014/01/15 12:55:41 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2014/01/15 12:55:37 | 002,557,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\fe632299b15c3acf0447828a4e23c9ce\System.Data.Linq.ni.dll
MOD - [2014/01/15 12:55:19 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\aeb0f87b0bc25143473c460d018a96f7\PresentationCore.ni.dll
MOD - [2014/01/15 12:55:19 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll
MOD - [2014/01/15 12:55:13 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7ece4823b0e12cae58be346bbc3cdeac\System.Core.ni.dll
MOD - [2014/01/15 12:54:58 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2014/01/15 12:54:56 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2014/01/15 12:54:54 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fe3923469740732d7c0c2f35bd1f167e\WindowsBase.ni.dll
MOD - [2014/01/15 12:54:47 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2014/01/15 12:54:38 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\91bc7f6fd5295405b227cecc0e232ce8\System.Numerics.ni.dll
MOD - [2014/01/15 12:54:37 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2012/11/14 14:45:30 | 000,963,456 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2012/10/16 11:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Users\alessio\AppData\Local\Temp\REDVLQ.exe -- (REDVLQ)
SRV - File not found [On_Demand | Stopped] -- C:\Users\alessio\AppData\Local\Temp\MATYBBGAEBMTMXR.exe -- (MATYBBGAEBMTMXR)
SRV - [2014/09/09 21:45:18 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/27 15:00:42 | 000,160,048 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/08/27 12:59:49 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/27 12:59:30 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/25 12:08:42 | 000,070,864 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2014/07/25 10:51:56 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2014/05/21 12:22:08 | 002,135,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/16 22:12:44 | 005,306,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV - [2014/03/25 20:22:16 | 001,663,192 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013/12/04 16:19:32 | 005,316,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/30 15:44:38 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/15 05:45:50 | 000,338,728 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\System32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2013/01/31 13:21:23 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/14 14:45:30 | 000,526,208 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2012/02/21 20:40:19 | 000,051,214 | ---- | M] () [Auto | Running] -- D:\cygwin\bin\cygrunsrv.exe -- (sshd)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/02 18:34:54 | 000,353,800 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2010/10/13 23:32:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swvnic.sys -- (SWVNIC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\ckldrv.sys -- (NetworkX)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\alessio\AppData\Local\Temp\kxtiqfoc.sys -- (kxtiqfoc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcim.sys -- (Bcim)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a157iyh8)
DRV - [2014/07/14 14:28:18 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014/06/26 07:33:56 | 000,015,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\hmd.sys -- (HMD)
DRV - [2014/06/26 07:33:42 | 000,035,064 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2014/06/03 14:22:39 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/04/16 22:12:56 | 000,607,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2014/04/16 22:12:56 | 000,092,656 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2014/04/16 22:12:56 | 000,043,728 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2014/04/16 22:12:54 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/11/30 00:27:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/04/27 01:57:37 | 000,037,904 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\covpnwlh.sys -- (urvpndrv)
DRV - [2013/04/27 01:57:29 | 000,014,864 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urfltwlh.sys -- (f5ipfw)
DRV - [2013/02/24 14:03:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/01/31 13:21:23 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/10/12 09:54:52 | 000,013,728 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2012/10/12 09:20:38 | 000,069,024 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2012/10/12 09:20:38 | 000,011,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2012/02/08 00:50:46 | 000,081,480 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2012/02/08 00:50:46 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nglog.sys -- (NgLog)
DRV - [2012/02/08 00:50:46 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2012/02/08 00:50:46 | 000,023,112 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 06:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/10/05 09:54:44 | 000,564,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2011/02/17 19:06:10 | 000,160,560 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/02/17 19:06:10 | 000,122,032 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/02/17 19:06:10 | 000,111,152 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/02/17 19:06:10 | 000,044,784 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/02/02 18:34:54 | 000,129,304 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/12 12:47:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/14 01:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2006/12/05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1561552
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 83 D9 A1 1A 6A CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;10.155.216.*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.risorse.int:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: D:\Program Files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: D:\Program Files\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: D:\Program Files\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\alessio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\alessio\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\alessio\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\alessio\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Program Files\Mozilla Firefox 4\components [2014/09/02 21:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox 4\plugins [2014/09/02 21:16:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/03/28 09:28:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2014/03/19 12:00:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0\extensions\\Components: D:\Program Files\Mozilla Firefox 4\components [2014/09/02 21:16:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox 4\plugins [2014/09/02 21:16:31 | 000,000,000 | ---D | M]
 
[2010/10/12 09:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alessio\AppData\Roaming\Mozilla\Extensions
[2014/08/28 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alessio\AppData\Roaming\Mozilla\Firefox\Profiles\28a4164g.default\extensions
[2014/08/28 08:43:55 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\alessio\AppData\Roaming\Mozilla\Firefox\Profiles\28a4164g.default\extensions\[email protected]
[2014/09/09 21:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alessio\AppData\Roaming\Mozilla\Firefox\Profiles\iikw8f4t.default\extensions
[2013/05/26 20:11:23 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\alessio\AppData\Roaming\Mozilla\Firefox\Profiles\iikw8f4t.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2014/03/28 17:43:20 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\alessio\AppData\Roaming\Mozilla\Firefox\Profiles\iikw8f4t.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2014/09/09 21:07:41 | 000,000,000 | ---D | M] ("PrivDog") -- C:\Users\alessio\AppData\Roaming\Mozilla\Firefox\Profiles\iikw8f4t.default\extensions\[email protected]
[2014/09/07 19:39:09 | 004,222,513 | ---- | M] () (No name found) -- C:\Users\alessio\AppData\Roaming\Mozilla\Firefox\Profiles\iikw8f4t.default\extensions\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\alessio\AppData\Local\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\alessio\AppData\Local\Google\Chrome\Application\37.0.2062.102\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\alessio\AppData\Local\Google\Chrome\Application\37.0.2062.102\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Mozilla Firefox 4\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = D:\Program Files\Mozilla Firefox 4\plugins\np-mswmp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = D:\Program Files\Mozilla Firefox 4\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = D:\Program Files\Mozilla Firefox 4\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\Program Files\Mozilla Firefox 4\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\alessio\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - default_search_provider: 84CA29FA927C9599279C49BEDF37C334D6390A74502D1F80DA82206F91FA1D1D (Enabled)
CHR - default_search_provider: search_url = 1C9062DF6377FD4DBE01CD4A8DD1621191882D95A5AA005A7C48D9CF6002CA29
CHR - default_search_provider: suggest_url =
CHR - homepage: 0A2174296F84866AF182F75962CD6D3B47DC865A8A1D6A269726ECB87A4ACFF8
CHR - Extension: YouTube = C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ricerca Google = C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Avira Browser Safety = C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.3.1_0\
CHR - Extension: Google Wallet = C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/03/28 16:41:30 | 000,003,401 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 10.254.254.253    AFS
O1 - Hosts: 127.0.0.1 209.34.83.73:443
O1 - Hosts: 127.0.0.1 209.34.83.73:43
O1 - Hosts: 127.0.0.1 209.34.83.73
O1 - Hosts: 127.0.0.1 209.34.83.67:443
O1 - Hosts: 127.0.0.1 209.34.83.67:43
O1 - Hosts: 127.0.0.1 209.34.83.67
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 199.7.52.190:80
O1 - Hosts: 127.0.0.1 199.7.52.190
O1 - Hosts: 127.0.0.1 OCSP.SPO1.VERISIGN.COM
O1 - Hosts: 127.0.0.1 199.7.54.72:80
O1 - Hosts: 127.0.0.1 199.7.54.72
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 192.150.18.101
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.8.100
O1 - Hosts: 127.0.0.1 192.150.8.118
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 61 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&sporta in Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Scarica con Mipony - file://D:\Program Files\MiPony\Browser\IEContext.htm File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\alessio\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://vpn.gse.it/S...LL/extender.cab (SlimClient Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\alessio\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\alessio\AppData\Local\Temp\f5tmp\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\alessio\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\alessio\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19C56772-CFE4-41ED-8F1D-854D4D26C4AB}: NameServer = 192.107.71.13 192.107.71.96
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B6E4FB-C54E-4963-8E22-83B26F2B88DB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BD5E3A2-72C8-42C7-A972-DFBBD36EA5E1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C60612-4415-4DD9-94CA-EF79A4E28A38}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F632BAD-8F7B-4C1F-BFFB-9582A79512E4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{522CE6EA-1503-44B7-ADB9-8CD01FB6BB97}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B0DB7F-07D5-48F6-B43A-F33B8AE3A9A9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F237717-9B68-47C0-B455-DFE793CE4388}: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA5A55DD-C8A3-4E58-83C0-62F34B3EC15C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1298D6C-FFE4-4341-864F-58902D7D83FB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9491475-7E32-4603-8A25-9A2DDC6C47B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDFEDFA9-2183-40D3-B5B2-2EEC1E47C8FF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (lorer.exe) - C:\Windows\explorer.) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12600e23-d568-11df-a942-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{12600e23-d568-11df-a942-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wubi.exe
O33 - MountPoints2\{fc3e046c-d6cb-11df-8eb3-0018f3fdf042}\Shell - "" = AutoRun
O33 - MountPoints2\{fc3e046c-d6cb-11df-8eb3-0018f3fdf042}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/12 09:14:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\alessio\Desktop\OTL.exe
[2014/09/12 07:53:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/09/12 07:48:22 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\alessio\Desktop\tdsskiller.exe
[2014/09/12 07:46:38 | 005,577,449 | ---- | C] (Swearware) -- C:\Users\alessio\Desktop\ComboFix.exe
[2014/09/11 22:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/09/11 22:39:17 | 000,000,000 | ---D | C] -- C:\Users\alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/09/11 21:18:55 | 000,000,000 | ---D | C] -- C:\Users\alessio\Desktop\rr
[2014/09/11 21:14:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/11 17:10:40 | 000,000,000 | ---D | C] -- C:\Users\alessio\AppData\Roaming\ImgBurn
[2014/09/11 17:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2014/09/11 16:39:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/09/11 15:02:03 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/11 15:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/11 15:01:33 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/09/11 15:01:33 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/09/11 15:01:33 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/09/11 15:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/09/11 15:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/10 18:36:59 | 000,000,000 | ---D | C] -- C:\Users\alessio\Desktop\Foto
[2014/09/05 11:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/09/01 09:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/31 09:41:39 | 000,083,016 | ---- | C] (Wondershare Software) -- C:\Windows\System32\WSMonEditor.dll
[2014/08/31 09:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2014/08/31 09:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFEditor
[2014/08/31 09:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2014/08/31 09:06:16 | 000,000,000 | ---D | C] -- C:\Users\alessio\AppData\Roaming\Free PDF to Word Converter
[2014/08/30 11:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
[2014/08/30 09:18:47 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2014/08/30 09:14:32 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2014/08/30 09:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adtrustmedia
[2014/08/30 09:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014/08/30 09:12:58 | 000,000,000 | ---D | C] -- C:\Users\alessio\AppData\Local\Comodo
[2014/08/30 09:12:54 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2014/08/30 09:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2014/08/30 09:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014/08/30 09:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2014/08/29 13:09:09 | 000,000,000 | ---D | C] -- C:\Users\alessio\.appwork
[2014/08/29 12:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2014/08/28 20:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
[2014/08/28 20:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinDjView
[2014/08/28 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\alessio\AppData\Local\Wondershare
[2014/08/28 16:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2014/08/28 16:14:46 | 000,000,000 | ---D | C] -- C:\Users\alessio\AppData\Roaming\Wondershare
[2014/08/28 16:13:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014/08/27 17:26:23 | 000,000,000 | ---D | C] -- C:\Users\alessio\Desktop\pmp
[2014/08/27 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\alessio\Desktop\LITUANIA
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/12 09:24:01 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/12 09:14:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alessio\Desktop\OTL.exe
[2014/09/12 08:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/12 08:43:00 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1949476442-1459824658-3865976531-1001UA.job
[2014/09/12 08:43:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1949476442-1459824658-3865976531-1001Core.job
[2014/09/12 07:48:33 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\alessio\Desktop\tdsskiller.exe
[2014/09/12 07:47:02 | 005,577,449 | ---- | M] (Swearware) -- C:\Users\alessio\Desktop\ComboFix.exe
[2014/09/12 07:33:37 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/12 07:33:37 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/12 07:32:36 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/09/12 07:28:22 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/12 07:27:07 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/12 07:24:57 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/09/12 07:24:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/12 07:24:42 | 2717,310,976 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/11 22:39:17 | 000,003,203 | ---- | M] () -- C:\Users\alessio\Desktop\Sophos Virus Removal Tool.lnk
[2014/09/11 17:08:12 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/09/11 16:32:37 | 001,631,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/11 16:32:37 | 001,018,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/11 15:01:38 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/08 15:16:39 | 000,000,600 | ---- | M] () -- C:\Users\alessio\AppData\Local\PUTTY.RND
[2014/09/07 19:41:29 | 002,592,663 | ---- | M] () -- C:\Users\alessio\Documents\Scan0014.pdf
[2014/09/05 11:49:55 | 000,292,414 | ---- | M] () -- C:\Users\alessio\Desktop\pec_5set_mario.sql
[2014/09/05 11:46:32 | 000,001,832 | ---- | M] () -- C:\Users\alessio\AppData\Local\SLC_alessio.prx
[2014/09/02 12:11:10 | 000,006,543 | ---- | M] () -- C:\Users\alessio\Desktop\pec.sql
[2014/09/01 15:48:29 | 002,192,993 | ---- | M] () -- C:\Users\alessio\Documents\Scan0013.pdf
[2014/09/01 15:44:39 | 000,277,716 | ---- | M] () -- C:\Users\alessio\Documents\Scan0012.pdf
[2014/08/31 09:41:09 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare PDF Editor.lnk
[2014/08/30 11:52:05 | 000,001,973 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/08/30 09:44:12 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2014/08/30 09:38:11 | 000,074,698 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat
[2014/08/27 13:14:00 | 000,000,371 | ---- | M] () -- C:\Users\alessio\Desktop\LITUANIA.zip
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/12 07:32:36 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/09/11 22:39:17 | 000,003,203 | ---- | C] () -- C:\Users\alessio\Desktop\Sophos Virus Removal Tool.lnk
[2014/09/11 17:08:12 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/09/11 17:08:12 | 000,000,754 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2014/09/11 15:01:38 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/07 19:41:26 | 002,592,663 | ---- | C] () -- C:\Users\alessio\Documents\Scan0014.pdf
[2014/09/05 11:49:55 | 000,292,414 | ---- | C] () -- C:\Users\alessio\Desktop\pec_5set_mario.sql
[2014/09/02 11:35:48 | 000,006,543 | ---- | C] () -- C:\Users\alessio\Desktop\pec.sql
[2014/09/01 15:48:27 | 002,192,993 | ---- | C] () -- C:\Users\alessio\Documents\Scan0013.pdf
[2014/09/01 15:44:39 | 000,277,716 | ---- | C] () -- C:\Users\alessio\Documents\Scan0012.pdf
[2014/08/31 09:41:09 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare PDF Editor.lnk
[2014/08/30 09:18:44 | 000,074,698 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat
[2014/08/30 09:13:18 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/08/27 13:14:00 | 000,000,371 | ---- | C] () -- C:\Users\alessio\Desktop\LITUANIA.zip
[2014/06/26 07:33:56 | 000,015,400 | ---- | C] () -- C:\Windows\System32\drivers\hmd.sys
[2014/04/11 18:28:26 | 000,000,132 | ---- | C] () -- C:\Users\alessio\AppData\Roaming\Preferenze Adobe Formato Targa CS6
[2013/11/20 22:56:50 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/11/20 22:56:17 | 000,000,009 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/10/21 18:25:32 | 000,000,469 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/10/07 17:24:48 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/09/27 13:56:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013/09/27 13:56:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013/09/27 13:56:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013/09/27 13:56:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2013/09/27 13:56:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013/09/27 13:56:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013/09/27 13:56:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013/09/27 13:56:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013/09/27 13:56:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013/09/27 13:56:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013/09/27 13:56:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013/09/27 13:56:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013/09/27 13:56:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013/09/27 13:56:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013/09/27 13:56:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013/09/27 13:56:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013/09/27 13:56:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013/09/27 13:56:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2013/09/27 13:56:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013/09/16 10:05:49 | 000,001,832 | ---- | C] () -- C:\Users\alessio\AppData\Local\SLC_alessio.prx
[2013/07/17 16:49:06 | 000,228,031 | ---- | C] () -- C:\Users\alessio\caCertsList
[2013/07/17 16:49:06 | 000,000,339 | ---- | C] () -- C:\Users\alessio\dike.ini
[2013/06/25 16:23:10 | 000,000,600 | ---- | C] () -- C:\Users\alessio\AppData\Roaming\winscp.rnd
[2013/03/11 19:19:48 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2013/02/15 05:48:00 | 000,156,456 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/02/15 05:47:08 | 000,018,216 | ---- | C] () -- C:\Windows\ngutil.exe
[2012/03/18 10:11:58 | 000,000,838 | ---- | C] () -- C:\Users\alessio\site.xml
[2012/02/24 01:00:00 | 000,000,020 | R--- | C] () -- C:\Users\alessio\.erlang.cookie
[2012/01/18 10:15:00 | 000,002,048 | ---- | C] () -- C:\Users\alessio\AppData\Roaming\FOTOMAX Prefs
[2011/12/20 03:57:06 | 000,000,132 | ---- | C] () -- C:\Users\alessio\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/10/14 18:37:48 | 000,022,016 | ---- | C] () -- C:\Users\alessio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/14 18:00:05 | 000,000,074 | ---- | C] () -- C:\Users\alessio\webphonecfg4.dat
[2011/04/12 22:33:23 | 000,000,132 | ---- | C] () -- C:\Users\alessio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/28 21:09:05 | 000,122,820 | ---- | C] () -- C:\Users\alessio\AppData\Local\debuggee.mdmp
[2010/11/23 12:05:01 | 000,001,456 | ---- | C] () -- C:\Users\alessio\AppData\Local\Adobe Salva per Web e dispositivi 12.0 Prefs
[2010/11/11 23:05:13 | 000,003,452 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/11 23:05:13 | 000,000,088 | RHS- | C] () -- C:\ProgramData\50FAEC745A.sys
[2010/10/18 20:42:25 | 000,000,600 | ---- | C] () -- C:\Users\alessio\AppData\Local\PUTTY.RND
[2010/10/18 18:17:05 | 000,013,030 | ---- | C] () -- C:\Users\alessio\AppData\Local\PDOXUSRS.NET
[2010/10/12 00:00:55 | 000,000,741 | ---- | C] () -- C:\Users\alessio\.Xauthority
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/11/08 20:14:42 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\.purple
[2011/09/27 10:27:59 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\AnvSoft
[2013/04/19 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Aventail
[2010/10/24 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Axialis
[2010/11/11 19:19:25 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Borland
[2012/01/20 17:44:06 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Canon
[2011/07/02 16:36:25 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\CCS64
[2010/11/05 22:51:09 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Charles
[2011/12/27 18:28:51 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/16 10:04:43 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\CheckPoint
[2012/02/29 00:28:31 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Citrix
[2010/10/28 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\CodeGear
[2013/11/22 14:27:09 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\com.adobe.amp
[2014/05/13 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\DAEMON Tools Lite
[2014/04/20 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\DVDVideoSoft
[2013/10/16 23:15:15 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\DxO Labs
[2014/02/18 09:19:16 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Embarcadero
[2011/10/03 19:44:21 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\EssentialPIM
[2011/04/17 17:47:32 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\eTeks
[2014/09/11 23:06:43 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\FileZilla
[2012/01/18 10:14:33 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\FOTOMAX
[2014/08/31 09:06:16 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Free PDF to Word Converter
[2011/04/30 09:28:44 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\FreeVideoConverter
[2011/07/01 08:33:53 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\GetRightToGo
[2011/05/04 19:41:10 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\GHISLER
[2011/12/21 19:18:54 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\HDRsoft
[2011/04/05 11:27:21 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Hornil
[2013/05/20 09:52:28 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\ICAClient
[2011/03/16 00:57:24 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\ICSharpCode
[2013/12/11 17:04:50 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Imagenomic
[2014/09/11 17:16:26 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\ImgBurn
[2010/10/29 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\InnoIDE
[2010/10/29 13:40:41 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\ISTool
[2013/10/23 13:31:35 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\it.myphotobook.creator
[2013/05/10 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\it.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/03/24 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\JDeveloper
[2011/05/03 19:02:18 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\KompoZer
[2011/04/20 15:14:14 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Leadertech
[2011/11/18 10:33:41 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\LibreOffice
[2011/01/10 18:38:30 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Logicnet
[2012/02/03 00:36:56 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Mask Pro 4.0
[2013/12/11 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\miner
[2013/02/22 19:13:56 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Mipony
[2011/11/19 19:11:49 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\MyFirstApp
[2014/06/06 10:37:50 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\MySQL
[2013/03/22 19:44:04 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Nik Software
[2014/01/09 02:01:48 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\onOne Software
[2011/05/03 09:44:31 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\OpenOffice.org
[2010/10/12 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Opera
[2010/11/11 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\QualityCentral
[2014/04/30 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Quest Software
[2014/02/18 09:19:39 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\SmartBear
[2011/09/03 10:13:50 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\SmartDraw
[2014/01/28 00:47:16 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Sports Interactive
[2010/11/16 12:07:01 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/02/18 09:20:22 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Subversion
[2014/01/27 11:22:50 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\TeamViewer
[2014/09/05 00:37:17 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\uTorrent
[2014/01/16 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Wacom
[2014/01/16 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\wacomid-desktop-launcher
[2014/01/16 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2014/08/28 16:28:37 | 000,000,000 | ---D | M] -- C:\Users\alessio\AppData\Roaming\Wondershare
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/26 09:14:45 | 106,156,080 | ---- | M] ()(C:\Windows\System32\|??`) -- C:\Windows\System32\❘윊ᵌ`
[2013/11/26 09:14:45 | 106,156,080 | ---- | C] ()(C:\Windows\System32\|??`) -- C:\Windows\System32\❘윊ᵌ`
[2013/11/09 03:52:35 | 103,347,145 | ---- | M] ()(C:\Windows\System32\???^) -- C:\Windows\System32\達ꕥᵌ^
[2013/11/08 15:54:32 | 103,347,145 | ---- | C] ()(C:\Windows\System32\???^) -- C:\Windows\System32\達ꕥᵌ^
[2013/10/25 21:19:08 | 103,054,676 | ---- | M] ()(C:\Windows\System32\???o) -- C:\Windows\System32\噟ᵌo
[2013/10/25 09:19:11 | 103,054,676 | ---- | C] ()(C:\Windows\System32\???o) -- C:\Windows\System32\噟ᵌo
[2013/09/30 09:50:52 | 098,486,516 | ---- | M] ()(C:\Windows\System32\???k) -- C:\Windows\System32\撞銕ᵌk
[2013/09/30 09:50:52 | 098,486,516 | ---- | C] ()(C:\Windows\System32\???k) -- C:\Windows\System32\撞銕ᵌk
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 384 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D5AD7675

< End of report >
 


#2
BrianDrab (Trusted Helper, Malware Removal, 3,591 posts)

Hi. My name is Brian, and I will be helping you with Malware Removal.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

- Finally, Before We Start -

 

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

OK, let's get started. Yes, please post the contents of the Extras.txt log file. I do need that.

 

If you don't mind could you do the following?

 

 

FRST Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.

     Note: You need to run the 32-bit Version so please ensure you download that one.

2. Right click to run as administrator. When the tool opens click Yes to disclaimer.

3. Press Scan button.

4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).

5. Please copy and paste log back here.

6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

 

 

Items for your next post

1. Extras.txt

2. FRST and Addition.txt logs

 

 


#3
BrianDrab (Trusted Helper, Malware Removal, 3,591 posts)

alexjohnp -

 

I see that you are also receiving help from http://www.bleepingc...9/gozi2-trojan/

 

Where will you be receiving help from? You should only work with one specialist at a time.


#4
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.