
Thread: My connection doesn't work when I turn my pc on

  1. #1
    Beginner
    Registered since
    22.12.2008
    Posts
    19

    My connection doesn't work when I turn my pc on

    Hello everyone,

    I have a connection problem. Every time I turn my computer on, the Internet connection doesn't work; I need to reboot my router so the connection works for a while, but then I get disconnected again.
    Even laptops connected through wifi get disconnected when I turn my PC on. Therefore I thought I may have malware or something similar. I've been searching the Internet for a solution to my problem but I found nothing. I'm desperate.

    I'm going to post my HijackThis log file. I hope you can help me.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12.40.25, on 19/05/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Alwil Software\Avast5\avastUI.exe
    C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
    C:\Programmi\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Programmi\Windows Live\Mail\wlmail.exe
    C:\Programmi\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\5.4\iobitToolbarIE.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\5.4\iobitToolbarIE.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyBa.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyBa.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\5.4\iobitToolbarIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP Premium\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP Premium\dapextie2.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Andrea\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Andrea\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O8 - Extra context menu item: Save YouTube Video - res://C:\Programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
    O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1289063721656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1289063627000
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate1c98b8dd1e9709a) (gupdate1c98b8dd1e9709a) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: HideMyIpSRV - HideMyIP - C:\Programmi\Hide My IP\HideMyIpSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe

    --
    End of file - 11904 bytes

  2. #2
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: My connection doesn't work when I turn my pc on

    Hello MagicAndry,

    Some undesirable programs show in this log, but your problem sounds like this system has a DNS changer infection. Let's look in more detail.


    To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

    -------

    Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

    -----------

    Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

    -----------

    Download aswMBR (511KB) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
    • If avast! antivirus is already installed, just do the next step.
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



    A lot, but comprehensive, and will make sure we get a good view of everything.
    Live the day!

    Jintan - The brand where everything is right!

  3. #3
    Beginner
    Registered since
    22.12.2008
    Posts
    19

    Re: My connection doesn't work when I turn my pc on

    Thank you very much for answering.
    I did all you told me to do. I'm going to attach all the log files you asked me to save.


    Here they are:
    Attached files

  4. #4
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: My connection doesn't work when I turn my pc on

    If you check other threads in this forum, you will see we really need the logs posted directly in your request thread. Just too awkward to work with attachments.
    Live the day!

    Jintan - The brand where everything is right!

  5. #5
    Beginner
    Registered since
    22.12.2008
    Posts
    19

    Re: My connection doesn't work when I turn my pc on

    Ok, sorry. I didn't know that.

    OTL.TxT

    OTL logfile created on: 20/05/2012 12.10.16 - Run 1
    OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Andrea\Desktop\Tool Sicurezza & Ottimizzazione
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18241)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,49% Memory free
    5,76 Gb Paging File | 5,10 Gb Available in Paging File | 88,61% Paging File free
    Paging file location(s): C:\pagefile.sys 4000 5000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 298,08 Gb Total Space | 209,94 Gb Free Space | 70,43% Space Free | Partition Type: NTFS

    Computer Name: ANDREA-82954A2D | User Name: Andrea | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/20 12.07.33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Desktop\Tool Sicurezza & Ottimizzazione\OTL.exe
    PRC - [2012/05/09 05.04.54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Programmi\Google\Chrome\Application\chrome.exe
    PRC - [2012/04/04 15.56.40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/03/07 02.15.17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programmi\Alwil Software\Avast5\AvastUI.exe
    PRC - [2012/03/07 02.15.14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2012/02/27 01.15.42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2012/02/20 22.28.38 | 000,013,672 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Apple Application Support\distnoted.exe
    PRC - [2012/02/15 11.32.12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012/01/13 12.21.10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2011/12/29 22.29.04 | 000,497,496 | ---- | M] (IObit) -- C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
    PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/20 08.09.41 | 001,761,792 | ---- | M] () -- C:\Programmi\Alwil Software\Avast5\defs\12052000\algo.dll
    MOD - [2012/05/18 19.59.39 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
    MOD - [2012/05/18 19.59.39 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
    MOD - [2012/05/09 05.04.52 | 000,441,840 | ---- | M] () -- C:\Programmi\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll
    MOD - [2012/05/09 05.04.51 | 003,921,904 | ---- | M] () -- C:\Programmi\Google\Chrome\Application\19.0.1084.46\pdf.dll
    MOD - [2012/05/09 05.03.25 | 000,134,656 | ---- | M] () -- C:\Programmi\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
    MOD - [2012/05/09 05.03.24 | 000,250,368 | ---- | M] () -- C:\Programmi\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
    MOD - [2012/05/09 05.03.23 | 002,375,680 | ---- | M] () -- C:\Programmi\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
    MOD - [2011/06/24 22.56.36 | 000,087,328 | ---- | M] () -- C:\Programmi\File comuni\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22.56.14 | 001,241,888 | ---- | M] () -- C:\Programmi\File comuni\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/21 16.54.40 | 000,347,024 | ---- | M] () -- C:\Programmi\IObit\Advanced SystemCare 5\madexcept_.bpl
    MOD - [2011/04/21 16.54.40 | 000,179,088 | ---- | M] () -- C:\Programmi\IObit\Advanced SystemCare 5\madbasic_.bpl
    MOD - [2011/04/21 16.54.40 | 000,046,480 | ---- | M] () -- C:\Programmi\IObit\Advanced SystemCare 5\maddisAsm_.bpl
    MOD - [2009/02/13 13.44.56 | 000,071,696 | ---- | M] () -- c:\Programmi\McAfee\SiteAdvisor\mcfrmwk.dll
    MOD - [2009/02/13 13.44.52 | 000,207,376 | ---- | M] () -- c:\Programmi\McAfee\SiteAdvisor\cntscan.dll
    MOD - [2009/02/13 13.44.52 | 000,117,264 | ---- | M] () -- c:\Programmi\McAfee\SiteAdvisor\apengine.dll
    MOD - [2007/09/20 19.34.58 | 000,129,024 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Unknown] -- C:\Programmi\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
    SRV - File not found [Disabled | Unknown] -- C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/05/19 21.21.21 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/12 10.31.34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programmi\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2012/04/04 15.56.40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/07 02.15.14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/02/29 08.50.48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/27 01.15.42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2012/01/13 12.21.10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programmi\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/12/29 22.29.04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
    SRV - [2011/09/02 15.29.30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/07/06 18.39.04 | 003,039,536 | ---- | M] (HideMyIP) [On_Demand | Stopped] -- C:\Programmi\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
    SRV - [2009/07/21 20.06.50 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2005/04/04 01.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a64ur91o)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a4aas97u)
    DRV - [2012/04/04 15.56.40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/03/07 02.03.51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/07 02.03.38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/07 02.02.00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/03/07 02.01.53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/07 02.01.39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/07 02.01.30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/07 01.58.29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/04/15 17.31.41 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programmi\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/11/23 09.33.10 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2010/09/23 09.46.08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
    DRV - [2010/06/03 17.07.18 | 000,013,112 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
    DRV - [2009/12/30 12.20.54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/10/19 10.55.40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programmi\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/10/19 10.55.40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programmi\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/08/05 06.16.44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
    DRV - [2009/05/12 16.53.04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlashUsb.sys -- (FlashUSB)
    DRV - [2009/04/12 14.51.28 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/01/27 20.12.16 | 000,039,680 | ---- | M] (Gbridge LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gbridge.sys -- (gbridge)
    DRV - [2008/11/19 18.09.10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/19 18.09.08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/19 18.09.08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/02/14 08.12.02 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
    DRV - [2008/02/14 05.36.34 | 000,222,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2005/09/23 23.18.32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2005/02/26 17.25.52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
    DRV - [2004/11/22 18.36.40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programmi\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2004/11/22 18.36.34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programmi\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [2004/08/13 12.56.20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/03/28 20.53.30 | 000,075,456 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xobex.sys -- (U81xobex)
    DRV - [2004/03/28 20.52.38 | 000,077,472 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmgmt.sys -- (U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM)
    DRV - [2004/03/28 20.51.42 | 000,084,480 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmdm.sys -- (U81xmdm)
    DRV - [2004/03/28 20.51.38 | 000,006,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmdfl.sys -- (U81xmdfl)
    DRV - [2004/03/28 20.50.22 | 000,052,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xbus.sys -- (U81xbus) LGE U8XXX driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programmi\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
    FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
    FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.1
    FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:5.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.1
    FF - prefs.js..extensions.enabledItems: {d84a846d-f7cb-4187-a408-b171020e8940}:1.2.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.4
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.7.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programmi\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Programmi\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programmi\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Programmi\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Programmi\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Programmi\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/09 20.19.32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/27 18.43.24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programmi\Alwil Software\Avast5\WebRep\FF [2012/03/24 19.20.33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programmi\McAfee\SiteAdvisor [2012/02/05 13.50.01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/11/13 01.00.43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/11/13 01.00.43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Programmi\DAP Premium\DAPFireFox [2008/11/21 22.20.21 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/09 20.19.32 | 000,000,000 | ---D | M]

    [2009/01/31 16.34.06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Extensions
    [2009/01/31 16.34.06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Extensions\mozswing@mozswing.org
    [2012/05/12 21.12.33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\extensions
    [2010/03/09 19.45.34 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/07/07 13.32.37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2010/02/20 21.25.47 | 000,000,000 | ---D | M] (Navigational Sounds) -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
    [2009/09/12 13.09.16 | 000,000,000 | ---D | M] ("Illimitux") -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\extensions\illimitux@illimitux.net
    [2009/03/07 11.47.40 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\extensions\smartbookmarksbar@remy.juteau
    [2010/02/11 22.43.17 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\extensions\smarterwiki@wikiatic.com
    [2009/09/13 16.38.35 | 000,000,000 | ---D | M] (Media Stealer) -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\extensions\stealer@physacco.com
    [2008/12/17 22.00.44 | 000,002,106 | ---- | M] () -- C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\searchplugins\ricerca-video-di-youtube.xml
    [2012/05/12 21.12.33 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
    [2010/05/15 13.16.50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/04/13 23.22.51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2012/05/12 21.12.33 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/03/23 23.22.23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2011/02/09 23.40.56 | 000,000,000 | ---D | M] (HideMyIP) -- C:\Programmi\Mozilla Firefox\extensions\proxy@hide-my-ip.com
    [2011/01/27 18.43.24 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DATI APPLICAZIONI\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/03/24 19.20.33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMMI\ALWIL SOFTWARE\AVAST5\WEBREP\FF
    [2009/08/31 14.30.10 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAMMI\FILE COMUNI\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY
    [2012/04/14 13.50.45 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMMI\FILE COMUNI\SPIGOT\WTXPCOM
    [2010/11/09 20.19.32 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAMMI\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2012/04/14 13.50.46 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAMMI\IOBIT TOOLBAR\FF
    [2012/03/23 23.22.08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/02/05 13.50.01 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAMMI\MCAFEE\SITEADVISOR
    [2012/03/23 23.22.07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
    [2009/08/15 21.24.02 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
    [2010/02/19 17.21.37 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
    [2009/08/15 21.24.02 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
    [2009/08/15 21.24.02 | 000,000,649 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.46\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Programmi\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programmi\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Programmi\Common Files\Motive\npMotive.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Ricerca Google = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: SiteAdvisor = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/03/02 14.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programmi\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programmi\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programmi\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast] C:\Programmi\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
    O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP Premium\dapextie.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP Premium\dapextie2.htm ()
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Andrea\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Andrea\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O8 - Extra context menu item: Save YouTube Video - C:\Programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1289063721656 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1289063627000 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB9167A6-471D-43BC-8514-AA12B603378F}: DhcpNameServer = 62.101.93.101 83.103.25.250
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programmi\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programmi\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/21 20.05.33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/06/28 21.33.52 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{1d52947c-de83-11df-a691-001fc6bbf4e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d52947c-de83-11df-a691-001fc6bbf4e3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
    O33 - MountPoints2\{31c0bbe4-4ba6-11de-a3c7-001fc6bbf4e3}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
    O33 - MountPoints2\{63e01e28-9172-11de-a470-001fc6bbf4e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{63e01e28-9172-11de-a470-001fc6bbf4e3}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/19 16.30.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Chrome
    [2012/05/19 16.29.42 | 000,000,000 | ---D | C] -- C:\Programmi\Google
    [2012/05/19 16.26.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrea\Recent
    [2012/05/19 16.22.27 | 000,739,864 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Andrea\Desktop\ChromeSetup.exe
    [2012/05/12 21.19.49 | 000,021,336 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
    [2012/05/12 16.57.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Advanced SystemCare 5
    [2012/04/22 00.43.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\iTunes
    [2012/04/22 00.42.40 | 000,000,000 | ---D | C] -- C:\Programmi\iPod
    [2012/04/22 00.40.44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/04/21 12.22.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Desktop\TicketOne
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/20 12.00.03 | 000,001,264 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-1563985344-725345543-1004UA.job
    [2012/05/20 11.34.25 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/20 11.33.38 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2012/05/20 11.33.33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/05/20 07.08.57 | 000,482,394 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
    [2012/05/20 07.08.57 | 000,435,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/05/20 07.08.57 | 000,080,604 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
    [2012/05/20 07.08.57 | 000,068,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/05/19 23.21.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/05/19 22.11.01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/05/19 21.21.21 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/05/19 21.21.21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/05/19 21.10.18 | 000,001,242 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-1563985344-725345543-1004Core1cc406eafb917a8.job
    [2012/05/19 16.42.13 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/19 16.31.16 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Google Chrome.lnk
    [2012/05/19 16.26.49 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1563985344-725345543-1004.job
    [2012/05/19 16.26.49 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1563985344-725345543-1004.job
    [2012/05/19 16.22.28 | 000,739,864 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Andrea\Desktop\ChromeSetup.exe
    [2012/05/19 14.32.42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/05/19 14.29.46 | 000,482,766 | ---- | M] () -- C:\WINDOWS\System32\prfh0410.dat
    [2012/05/19 14.29.46 | 000,080,826 | ---- | M] () -- C:\WINDOWS\System32\prfc0410.dat
    [2012/05/12 11.55.42 | 000,153,700 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Calendario_Actividades_Docentes2012-2013.pdf
    [2012/05/10 21.17.23 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/05/09 19.33.23 | 004,028,019 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\Informacion Estudiantes Extranjeros.pdf
    [2012/04/22 00.43.49 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/04/21 13.12.55 | 000,032,656 | ---- | M] () -- C:\Documents and Settings\Andrea\Desktop\lingua inglese e comunicazioneII_RUSSOG.pdf
    [2012/04/21 13.06.56 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/05/19 16.31.16 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Google Chrome.lnk
    [2012/05/19 14.29.46 | 000,482,766 | ---- | C] () -- C:\WINDOWS\System32\prfh0410.dat
    [2012/05/19 14.29.46 | 000,080,826 | ---- | C] () -- C:\WINDOWS\System32\prfc0410.dat
    [2012/05/12 11.55.46 | 000,153,700 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Calendario_Actividades_Docentes2012-2013.pdf
    [2012/05/09 19.33.39 | 004,028,019 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\Informacion Estudiantes Extranjeros.pdf
    [2012/04/22 00.43.49 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/04/21 13.12.55 | 000,032,656 | ---- | C] () -- C:\Documents and Settings\Andrea\Desktop\lingua inglese e comunicazioneII_RUSSOG.pdf
    [2011/05/15 11.49.15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/15 11.49.15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/02/17 12.17.28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/09 23.40.52 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
    [2010/11/25 13.11.51 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
    [2010/11/09 20.05.21 | 000,202,455 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
    [2010/11/09 20.05.21 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
    [2010/07/04 22.35.24 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/06/24 11.04.19 | 000,203,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat

    < End of report >



    Extras.TxT

    OTL Extras logfile created on: 20/05/2012 12.10.16 - Run 1
    OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Andrea\Desktop\Tool Sicurezza & Ottimizzazione
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18241)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,49% Memory free
    5,76 Gb Paging File | 5,10 Gb Available in Paging File | 88,61% Paging File free
    Paging file location(s): C:\pagefile.sys 4000 5000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 298,08 Gb Total Space | 209,94 Gb Free Space | 70,43% Space Free | Partition Type: NTFS

    Computer Name: ANDREA-82954A2D | User Name: Andrea | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Programmi\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Programmi\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Programmi\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Programmi\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Programmi\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
    "5720:TCP" = 5720:TCP:*:Enabled:Jumi Controller
    "5720:UDP" = 5720:UDP:*:Enabled:Jumi Controller
    "443:TCP" = 443:TCP:*:Disabled:Porta TCP ooVoo 443
    "443:UDP" = 443:UDP:*:Disabled:Porta UDP ooVoo 443
    "37674:TCP" = 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
    "37674:UDP" = 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
    "37675:UDP" = 37675:UDP:*:Disabled:Porta UDP ooVoo 37675

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\HP Software Update\HPWUCli.exe" = C:\Programmi\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpznui01.exe" = C:\Programmi\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\HP Software Update\HPWUCli.exe" = C:\Programmi\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Programmi\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpznui01.exe" = C:\Programmi\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
    "C:\Programmi\mIRC\mirc.exe" = C:\Programmi\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe" = C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "C:\Programmi\Java\jre6\bin\java.exe" = C:\Programmi\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "C:\Programmi\LimeWire\LimeWire.exe" = C:\Programmi\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Programmi\Google\Chrome\Application\chrome.exe" = C:\Programmi\Google\Chrome\Application\chrome.exe:*:Enabled: Google Chrome -- (Google Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Programmi\Google\Google Earth\plugin\geplugin.exe" = C:\Programmi\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
    "C:\Programmi\Remote Mouse\server\server.exe" = C:\Programmi\Remote Mouse\server\server.exe:*:Enabled:Remote Mouse Server -- ()
    "C:\Programmi\Jumi\jumi.exe" = C:\Programmi\Jumi\jumi.exe:*:Enabled:Jumi Controller -- (Jumi Technologies)
    "C:\Documents and Settings\Andrea\Dati applicazioni\Spotify\spotify.exe" = C:\Documents and Settings\Andrea\Dati applicazioni\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
    "C:\Programmi\ooVoo\ooVoo.exe" = C:\Programmi\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
    "C:\Programmi\Skype\Plugin Manager\skypePM.exe" = C:\Programmi\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1859BB19-EF0A-4196-9F48-569499FE7420}" = Raccolta foto di Windows Live
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A2646FB-7BAC-451B-BF90-4889C4429C5E}" = Philips SPC 200NC PC Camera
    "{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
    "{3E7571A4-70FA-41cb-8AB4-9E043017FA7A}" = IObit Toolbar v5.4
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
    "{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.3
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75623A4B-C4D6-4314-B869-1C018B8E54FB}_is1" = Windows Live Messenger Backup
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
    "{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
    "{84EC9EA8-8FC5-020D-77A7-4AA6E99A04D5}" = Global eWorkbook - Upper Intermediate
    "{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
    "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
    "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
    "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
    "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
    "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
    "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
    "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
    "{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
    "{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
    "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
    "{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C552184B-E4BE-479E-9A4A-6E51ED46ABE7}" = LiveUpload to Facebook
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D130E8E3-C39F-4572-A622-8636BBB09865}" = LG Phone Manager
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Disinstallare LG PC Suite III
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF487E0B-8B2F-430B-A7F9-94DEF592555D}" = RTC Client API v1.3 msm
    "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
    "{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
    "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Pacchetto driver Windows - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Advanced SystemCare 5_is1" = Advanced SystemCare 5
    "Any Video Converter_is1" = Any Video Converter 2.7.7
    "Ashampoo WinOptimizer Platinum 3" = Ashampoo WinOptimizer Platinum 3
    "Audacity_is1" = Audacity 1.2.6
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "DAP Premium" = DAP Premium
    "EADM" = EA Download Manager
    "eMule" = eMule
    "eMule AdunanzA" = AdunanzA
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Printer and Utilities" = Software per stampante EPSON
    "Francese" = Francese
    "Free Studio_is1" = Free Studio version 4.7
    "Global-UpperIntermediate.F58001C6A320BE09FB6D7E092A4A96AA9BF1591A.1 " = Global eWorkbook - Upper Intermediate
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "HMIP50_is1" = Hide My IP 5.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "ie8" = Windows Internet Explorer 8 Beta 2
    "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Manager Piattaforma
    "InstallShield_{D130E8E3-C39F-4572-A622-8636BBB09865}" = LG Phone Manager
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
    "LimeWire" = LimeWire 5.5.16
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.61.0.1400
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "myBabylon_English Toolbar" = myBabylon_English Toolbar
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "NVIDIA Drivers" = NVIDIA Drivers
    "RealPlayer 12.0" = RealPlayer
    "RegistryBooster2_is1" = Uniblue RegistryBooster2
    "Shop for HP Supplies" = Shop for HP Supplies
    "SpyEraser_is1" = Uniblue SpyEraser
    "SystemRequirementsLab" = System Requirements Lab
    "TS3 Install Helper Monkey" = TS3 Install Helper Monkey
    "TunnelBear" = TunnelBear 1.0.28
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VLC media player 0.9.8a
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Spotify" = Spotify
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    Error - 20/06/2010 16.23.07 | Computer Name = ANDREA-82954A2D | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 12/05/2012 9.13.43 | Computer Name = ANDREA-82954A2D | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/05/2012 9.13.43 | Computer Name = ANDREA-82954A2D | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1984

    Error - 12/05/2012 9.13.43 | Computer Name = ANDREA-82954A2D | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1984

    Error - 12/05/2012 15.03.16 | Computer Name = ANDREA-82954A2D | Source = Google Update | ID = 20
    Description =

    Error - 13/05/2012 13.17.57 | Computer Name = ANDREA-82954A2D | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 13/05/2012 13.17.57 | Computer Name = ANDREA-82954A2D | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3921

    Error - 13/05/2012 13.17.57 | Computer Name = ANDREA-82954A2D | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3921

    Error - 18/05/2012 7.53.47 | Computer Name = ANDREA-82954A2D | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(d8:9e:3f:26:7a:83@fe80::da9e:3fff:fe26:7a83._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 19/05/2012 9.03.32 | Computer Name = ANDREA-82954A2D | Source = Google Update | ID = 20
    Description =

    Error - 20/05/2012 5.42.42 | Computer Name = ANDREA-82954A2D | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(d8:9e:3f:26:7a:83@fe80::da9e:3fff:fe26:7a83._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    [ System Events ]
    Error - 16/05/2012 13.52.45 | Computer Name = ANDREA-82954A2D | Source = W32Time | ID = 39452701
    Description = Il time provider NtpClient è configurato per acquisire l'ora da una
    o più origini dell'ora, ma nessuna origine dell'ora è accessibile attualmente e non
    verrà eseguito alcun tentativo di contattare un'origine per 14 minuti. NtpClient
    non dispone di alcuna origine di ora esatta.

    Error - 16/05/2012 13.53.00 | Computer Name = ANDREA-82954A2D | Source = W32Time | ID = 39452689
    Description = Time providerNtpClient: si è verificato un errore durante la ricerca
    DNS del peer configurato manualmente 'time.windows.com,0x1'. NtpClient ritenterà
    la ricerca DNS fra 15 minuti. Errore Tentativo di operazione del socket verso un
    host non raggiungibile. (0x80072751)

    Error - 16/05/2012 13.53.00 | Computer Name = ANDREA-82954A2D | Source = W32Time | ID = 39452701
    Description = Il time provider NtpClient è configurato per acquisire l'ora da una
    o più origini dell'ora, ma nessuna origine dell'ora è accessibile attualmente e non
    verrà eseguito alcun tentativo di contattare un'origine per 14 minuti. NtpClient
    non dispone di alcuna origine di ora esatta.

    Error - 18/05/2012 7.41.16 | Computer Name = ANDREA-82954A2D | Source = DCOM | ID = 10010
    Description = Il server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} non si è registrato
    con DCOM entro il tempo d'attesa richiesto.

    Error - 18/05/2012 14.37.36 | Computer Name = ANDREA-82954A2D | Source = Dhcp | ID = 1002
    Description = Il lease 192.168.0.105 dell'indirizzo IP della scheda di rete con
    indirizzo 001FC6BBF4E3 è stato negato dal server DHCP 0.0.0.0. Il server DHCP ha
    inviato un messaggio DHCPNACK.

    Error - 18/05/2012 14.40.36 | Computer Name = ANDREA-82954A2D | Source = Dhcp | ID = 1002
    Description = Il lease 10.224.123.14 dell'indirizzo IP della scheda di rete con
    indirizzo 001FC6BBF4E3 è stato negato dal server DHCP 192.168.0.1. Il server DHCP
    ha inviato un messaggio DHCPNACK.

    Error - 18/05/2012 14.40.46 | Computer Name = ANDREA-82954A2D | Source = Dhcp | ID = 1002
    Description = Il lease 10.224.123.14 dell'indirizzo IP della scheda di rete con
    indirizzo 001FC6BBF4E3 è stato negato dal server DHCP 192.168.0.1. Il server DHCP
    ha inviato un messaggio DHCPNACK.

    Error - 19/05/2012 8.24.47 | Computer Name = ANDREA-82954A2D | Source = Service Control Manager | ID = 7034
    Description = Interruzione imprevista del servizio McAfee SiteAdvisor Service. Questo
    evento si è già verificato 1 volta(e).

    Error - 19/05/2012 8.24.54 | Computer Name = ANDREA-82954A2D | Source = Service Control Manager | ID = 7034
    Description = Interruzione imprevista del servizio MBAMService. Questo evento si
    è già verificato 1 volta(e).

    Error - 19/05/2012 10.19.11 | Computer Name = ANDREA-82954A2D | Source = Dhcp | ID = 1002
    Description = Il lease 192.168.0.100 dell'indirizzo IP della scheda di rete con
    indirizzo 001FC6BBF4E3 è stato negato dal server DHCP 0.0.0.0. Il server DHCP ha
    inviato un messaggio DHCPNACK.


    < End of report >

    GMER log.txt

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-20 17:43:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 MAXTOR_STM3320820AS rev.3.AAE
    Running: 5ffgwif5.exe; Driver: C:\DOCUME~1\Andrea\IMPOST~1\Temp\fwroikob.sys


    .text C:\WINDOWS\system32\winlogon.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[892] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[892] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[892] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[892] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[892] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\services.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[936] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[936] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[936] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[936] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[936] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[936] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[948] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\lsass.exe[948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[948] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\lsass.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[948] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[948] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[948] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[948] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[948] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000501F8
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000503FC
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 5 Bytes JMP 003D1014
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 003D0804
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 003D0A08
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 003D0C0C
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 003D0E10
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 003D01F8
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 003D03FC
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 003D0600
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003E0804
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003E0A08
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003E0600
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003E01F8
    .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[1000] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003E03FC
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 001401F8
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 001403FC
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 5 Bytes JMP 00381014
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 00380804
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 00380A08
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 00380C0C
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 00380E10
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 003801F8
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 003803FC
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 00380600
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
    .text C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe[1128] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[1192] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 001501F8
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 001503FC
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 5 Bytes JMP 00391014
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 00390804
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 00390A08
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 00390C0C
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 00390E10
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 003901F8
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 003903FC
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 00390600
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1348] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 001501F8
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 001503FC
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 5 Bytes JMP 00391014
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 00390804
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 00390A08
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 00390C0C
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 00390E10
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 003901F8
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 003903FC
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 00390600
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
    .text C:\Programmi\Bonjour\mDNSResponder.exe[1436] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\Programmi\Alwil Software\Avast5\avastUI.exe[1496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\Programmi\Alwil Software\Avast5\avastUI.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1820] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1820] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1820] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1820] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1820] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text C:\Programmi\Alwil Software\Avast5\AvastSvc.exe[1948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\Programmi\Alwil Software\Avast5\AvastSvc.exe[1948] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Programmi\Alwil Software\Avast5\AvastSvc.exe[1948] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1972] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[1972] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[1972] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1972] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[1972] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1972] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\rundll32.exe[2780] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\rundll32.exe[2780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[2780] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\rundll32.exe[2780] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[2780] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\rundll32.exe[2780] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\rundll32.exe[2780] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\rundll32.exe[2780] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\rundll32.exe[2780] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\rundll32.exe[2780] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\rundll32.exe[2780] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\rundll32.exe[2780] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\rundll32.exe[2780] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\rundll32.exe[2780] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\rundll32.exe[2780] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\rundll32.exe[2780] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\rundll32.exe[2780] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\alg.exe[3420] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[3420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3420] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[3420] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3420] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[3420] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[3420] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[3420] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[3420] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[3420] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[3420] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[3420] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[3420] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[3420] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[3420] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3420] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3420] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D59 3 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!SetServiceObjectSecurity + 4 77FA6D5D 1 Byte [88]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!ChangeServiceConfigA 77FA6E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!ChangeServiceConfigW 77FA6FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!ChangeServiceConfig2A 77FA70D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!ChangeServiceConfig2W 77FA7161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!CreateServiceA 77FA71E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!CreateServiceW 77FA7381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] ADVAPI32.dll!DeleteService 77FA7489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3512] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spbv.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spbv.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spbv.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spbv.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spbv.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spbv.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
    IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
    IAT C:\Programmi\Alwil Software\Avast5\avastUI.exe[1496] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Programmi\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Programmi\Alwil Software\Avast5\AvastSvc.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Programmi\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89E531F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{583BC274-F2D9-490D-92C4-85FAF28A2141} 894EC1F8
    Device \Driver\usbuhci \Device\USBPDO-0 89CD0500
    Device \Driver\usbuhci \Device\USBPDO-1 89CD0500
    Device \Driver\usbuhci \Device\USBPDO-2 89CD0500
    Device \Driver\usbuhci \Device\USBPDO-3 89CD0500
    Device \Driver\usbehci \Device\USBPDO-4 89CD3500

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 89DE41F8
    Device \Driver\Cdrom \Device\CdRom0 89CD1500
    Device \Driver\atapi \Device\Ide\IdePort0 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-6 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-e [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBt_Wins_Export 894EC1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{FB9167A6-471D-43BC-8514-AA12B603378F} 894EC1F8
    Device \Driver\NetBT \Device\NetbiosSmb 894EC1F8

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbuhci \Device\USBFDO-0 89CD0500
    Device \Driver\usbuhci \Device\USBFDO-1 89CD0500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894E61F8
    Device \Driver\usbuhci \Device\USBFDO-2 89CD0500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 894E61F8
    Device \Driver\usbuhci \Device\USBFDO-3 89CD0500
    Device \Driver\usbehci \Device\USBFDO-4 89CD3500
    Device \Driver\Ftdisk \Device\FtControl 89DE41F8
    Device \FileSystem\Cdfs \Cdfs 893A7500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4@khjeh 0x98 0xC4 0x22 0xF8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0xDB 0x24 0xAB ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E 364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB3 0x06 0x67 0x3A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4@khjeh 0x98 0xC4 0x22 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001@khjeh 0x5A 0xDB 0x24 0xAB ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB3 0x06 0x67 0x3A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4@khjeh 0x98 0xC4 0x22 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001@khjeh 0x5A 0xDB 0x24 0xAB ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E3646 82FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB3 0x06 0x67 0x3A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692 b 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59 b 0x71 0x3B 0x04 0x66 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd01 6 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa4 8 0x86 0x8C 0x21 0x01 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b81847 2 0xF5 0x1D 0x4D 0x73 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5 d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7 b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993 d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a 3 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835 b 0x37 0xA4 0xAA 0xC3 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c 6 0xE3 0x0E 0x66 0xD5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec 2 0x05 0x73 0x21 0xDD ...

    ---- EOF - GMER 1.0.15 ----

    aswMBR.txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-20 18:24:18
    -----------------------------
    18:24:18.437 OS Version: Windows 5.1.2600 Service Pack 3
    18:24:18.437 Number of processors: 2 586 0x1706
    18:24:18.437 ComputerName: ANDREA-82954A2D UserName: Andrea
    18:24:18.906 Initialize success
    18:24:22.359 AVAST engine defs: 12052000
    18:24:24.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
    18:24:24.593 Disk 0 Vendor: MAXTOR_STM3320820AS 3.AAE Size: 305245MB BusType: 3
    18:24:24.625 Disk 0 MBR read successfully
    18:24:24.625 Disk 0 MBR scan
    18:24:24.718 Disk 0 Windows XP default MBR code
    18:24:24.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
    18:24:24.718 Disk 0 scanning sectors +625121280
    18:24:24.781 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:24:31.578 Service scanning
    18:24:40.250 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    18:24:42.640 Modules scanning
    18:24:46.671 Disk 0 trace - called modules:
    18:24:46.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkr.sys >>UNKNOWN [0x89e03938]<<
    18:24:46.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d2cab8]
    18:24:46.687 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x89dd1f18]
    18:24:46.687 5 ACPI.sys[b7e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x89e47940]
    18:24:47.140 AVAST engine scan C:\WINDOWS
    18:24:50.296 AVAST engine scan C:\WINDOWS\system32
    18:26:24.296 AVAST engine scan C:\WINDOWS\system32\drivers
    18:26:38.984 AVAST engine scan C:\Documents and Settings\Andrea
    18:58:05.625 AVAST engine scan C:\Documents and Settings\All Users
    19:03:12.656 Scan finished successfully
    19:05:14.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrea\Desktop\Tool Sicurezza & Ottimizzazione\MBR.dat"
    19:05:14.765 The log file has been saved successfully to "C:\Documents and Settings\Andrea\Desktop\Tool Sicurezza & Ottimizzazione\aswMBR.txt"
    Last edited by MagicAndry (21.05.2012 at 18:48)

  6. #6
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: My connection doesnt work when I turn my pc on

    Quite a bit of items to be removed there, which will also likely bring immediate improvements.

    Be sure to continue to temporarily disable any protective software when making the changes we do here.


    Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

    IObit Toolbar v5.4 - Adware, spyware, search hijacker.
    Advanced SystemCare 3 - Very well-documented to cause system problems, and is not considered beneficial (and installs that Toolbar).
    Advanced SystemCare 5 - Ditto.
    McAfee SiteAdvisor - Does not report accurate info on web sites - see here for an example.
    ooVoo - Adware.
    Ad-Aware - Is now an antivirus software, so if it's the old anti-spyware version, it is no longer supported. And if it's the newer antivirus program, it is in conflict with Avast.
    Ashampoo WinOptimizer Platinum 3 - All "fixit" programs are actually scams, intended to promote the purchase of the program, and cause system damage.
    Any Video Converter - Typically these install unwanted programs, but there are so many I do not recognize this particular one offhand.
    Messenger Plus! Live - Adware, spyware, search hijacker.
    myBabylon_English Toolbar - Adware, spyware, search hijacker.
    Uniblue RegistryBooster2 - Considered scam software, and removed by actual legit anti-malware programs.
    Uniblue SpyEraser - Considered scam software, and removed by actual legit anti-malware programs.

    I would also suggest uninstalling these - they are the number one way to get a serious infection on a system:

    eMule
    AdunanzA
    LimeWire


    -----------

    Reboot, again temp disable any security programs, then download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

    Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
    Live the day!

    Jintan - the brand where everything is right!

  7. #7
    Beginner
    Registered since
    22.12.2008
    Posts
    19

    Re: My connection doesnt work when I turn my pc on

    Thank you.

    I removed all the software you listed and scanned my computer with ComboFix.

    Here's the log:


    ComboFix 12-05-22.02 - Andrea 22/05/2012 21.25.19.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1505 [GMT 2:00]
    Eseguito da: c:\documents and settings\Andrea\Desktop\Tool Sicurezza & Ottimizzazione\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Andrea\mail.dat
    c:\documents and settings\Andrea\mess.dat
    c:\documents and settings\Andrea\WINDOWS
    C:\index.htm
    c:\windows\IsUn0410.exe
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2012-04-22 al 2012-05-22 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-05-22 18:59 . 2012-05-22 18:59 -------- d-----w- c:\documents and settings\Andrea\Dati applicazioni\IObit
    2012-05-19 14:29 . 2012-05-19 14:30 -------- d-----w- c:\programmi\Google
    2012-05-12 20:33 . 2012-05-12 20:33 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\IObit
    2012-05-12 19:19 . 2011-12-30 15:03 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-19 19:21 . 2012-04-02 09:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-19 19:21 . 2011-05-18 08:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-14 17:29 . 2010-07-04 14:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-04 13:56 . 2008-12-22 20:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-23 21:22 . 2008-11-21 20:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-23 21:22 . 2010-05-15 11:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-07 00:15 . 2010-07-04 14:53 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-07 00:15 . 2008-11-21 18:52 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-07 00:03 . 2011-03-22 17:52 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-07 00:03 . 2008-11-21 18:52 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-07 00:02 . 2008-11-21 18:52 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-03-07 00:01 . 2008-11-21 18:52 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-07 00:01 . 2008-11-21 18:52 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-03-07 00:01 . 2008-11-21 18:52 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-03-07 00:01 . 2008-11-21 18:52 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-06 23:58 . 2008-11-21 18:52 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 123536 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
    "Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Programmi\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Programmi\\HP\\Digital Imaging\\{7F08A772-2816-4F46-84F1-49578502AD28}\\setup\\hpznui01.exe"=
    "c:\\Programmi\\mIRC\\mirc.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
    "c:\\Programmi\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "c:\\Programmi\\Remote Mouse\\server\\server.exe"=
    "c:\\Programmi\\Jumi\\jumi.exe"=
    "c:\\Documents and Settings\\Andrea\\Dati applicazioni\\Spotify\\spotify.exe"=
    "c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Documents and Settings\\Andrea\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=
    "c:\\Programmi\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5720:TCP"= 5720:TCP:Jumi Controller
    "5720:UDP"= 5720:UDP:Jumi Controller
    "443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
    "443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
    "37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
    "37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
    "37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/07/2010 21.57.39 64288]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/04/2009 14.51.28 717296]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22/03/2011 19.52.49 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/11/2008 20.52.13 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/11/2008 20.52.13 20696]
    R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [22/12/2008 22.12.41 654408]
    R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [03/06/2010 17.07.18 13112]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/12/2008 22.12.41 22344]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21/11/2008 20.14.36 222976]
    S2 gupdate1c98b8dd1e9709a;Google Update Service (gupdate1c98b8dd1e9709a);c:\programmi\Google\Update\GoogleUpdate.exe [19/05/2012 16.29.43 116648]
    S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [29/02/2012 8.50.48 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2012 11.10.18 257696]
    S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [25/08/2009 15.41.56 16896]
    S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [27/01/2009 20.12.16 39680]
    S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [19/05/2012 16.29.43 116648]
    S3 HideMyIpSRV;HideMyIpSRV;c:\programmi\Hide My IP\HideMyIpSrv.exe [09/02/2011 22.02.43 3039536]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
    S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
    S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [24/11/2010 23.56.35 27064]
    .
    --- Altri Servizi/Drivers In Memoria ---
    .
    *Deregistered* - gusvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:21]
    .
    2012-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2012-05-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-1563985344-725345543-1004Core1cc406eafb917a8.job
    - c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-07-09 18:54]
    .
    2012-05-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-1563985344-725345543-1004UA.job
    - c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-07-09 18:54]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2012-05-19 14:29]
    .
    2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2012-05-19 14:29]
    .
    2012-05-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1563985344-725345543-1004.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
    .
    2012-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1563985344-725345543-1004.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page =
    mStart Page =
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    IE: &Download with &DAP - c:\programmi\DAP Premium\dapextie.htm
    IE: Download &all with DAP - c:\programmi\DAP Premium\dapextie2.htm
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\Andrea\Dati applicazioni\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\Andrea\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Save YouTube Video - c:\programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
    IE: Save YouTube Video as MP3 - c:\programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
    Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAPPRE~1\dapie.dll
    Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAPPRE~1\dapie.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\ga5dj9ak.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Navigational Sounds: {d84a846d-f7cb-4187-a408-b171020e8940} - %profile%\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: avast! WebRep: wrc@avast.com - c:\programmi\Alwil Software\Avast5\WebRep\FF
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    HKLM_ActiveSetup-{F9BFFFFC-DCBF-A1CD-DDAF-CBBBAD4BDCD1} - c:\documents and settings\Andrea\Dati applicazioni\WindowsDefender.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-22 21:31
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scansione processi nascosti ...
    .
    scansione entrate autostart nascoste ...
    .
    Scansione files nascosti ...
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,d0,85,ad,a6,00,f1,45,a6,ee,29,\
    "3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,d0,85,ad,a6,00,f1,45,a6,ee,29,\
    .
    Ora fine scansione: 2012-05-22 21:33:18
    ComboFix-quarantined-files.txt 2012-05-22 19:33
    .
    Pre-Run: 225.914.347.520 byte disponibili
    Post-Run: 226.197.655.552 byte disponibili
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlogo
    .
    - - End Of File - - CAFA1A5FF794A42C3AE062E069A58CE0

  8. #8
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: My connection doesnt work when I turn my pc on

    Looks improved, but I need to check with you before we go further. Is Ad-Aware now uninstalled - its active components show still?
    Live the day!

    Jintan - The brand where everything is right!

  9. #9
    Beginner
    Registered since
    22.12.2008
    Posts
    19

    Re: My connection doesnt work when I turn my pc on

    Yes, I did uninstall Ad-Aware in the same way I removed other software listed.
    I've been having problems with Ad-Aware lately as it asked me to update it to the latest version. Yet, I didn't manage to update it because once the latest version installation was completed I ran Ad-Aware but the older version showed instead of the new one.

  10. #10
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: My connection doesnt work when I turn my pc on

    Darn, I am not really sure what you meant with that. That Ad-Aware Lavasoft Kernexplorer suggests it is the antivirus program, so is in conflict with Avast, and also still shows as installed. The older version is a liability, as it is no longer supported, so can make the wrong changes. So either way Ad-Aware must leave.


    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


    Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

    Code:
    KillAll::
    Driver::
    Lbd
    "Lavasoft Kernexplorer"
    File::
    c:\windows\system32\RegistryDefragBootTime.exe
    Folder::
    c:\documents and settings\Andrea\Dati applicazioni\IObit
    c:\windows\system32\config\systemprofile\Dati applicazioni\IObit
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    Save this to your desktop as CFScript.txt


    You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

    ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

    ---------

    Open and update Malwarebytes.

    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform quick scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ---------------

    Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

    If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

    Remove found threats
    Scan unwanted applications


    Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

    Then click the Advanced option, then place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology

    Click Start. This scan may take a while, so please be patient.

    If infection is found, at the end of the scan click "List of found threats".

    In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

    Post that log, the C:\ComboFix.txt log and the Malwarebytes log please.
    Live the day!

    Jintan - The brand where everything is right!
