
OTL.txt

a guest
Oct 29th, 2012
  1. OTL logfile created on: 27/10/2012 17.52.12 - Run 1
  2. OTL by OldTimer - Version 3.2.69.0 Folder = E:\OTL
  3. Windows XP Windows XP Embedded Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
  4. Internet Explorer (Version = 6.0.2900.2180)
  5. Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy
  6.  
  7. 502,80 Mb Total Physical Memory | 321,01 Mb Available Physical Memory | 63,84% Memory free
  8. 1,20 Gb Paging File | 1,05 Gb Available in Paging File | 87,33% Paging File free
  9. Paging file location(s): C:\pagefile.sys 0 0 [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
  12. Drive C: | 37,31 Gb Total Space | 29,78 Gb Free Space | 79,83% Space Free | Partition Type: NTFS
  13. Drive E: | 3,91 Gb Total Space | 0,92 Gb Free Space | 23,49% Space Free | Partition Type: FAT32
  14.  
  15. Computer Name: 9020_V01A | User Name: HEN | Logged in as Administrator.
  16. Boot Mode: Normal | Scan Mode: All users
  17. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  18.  
  19. [color=#E56717]========== Processes (SafeList) ==========[/color]
  20.  
  21. PRC - E:\OTL\OTL.exe (OldTimer Tools)
  22. PRC - C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])
  23. PRC - C:\GestioneSms\GestSms.exe (Kinetcs tecnologi)
  24. PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
  25. PRC - C:\Program Files\Common Files\DUAgent.exe (Microsoft Corporation)
  26. PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
  27. PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  28.  
  29.  
  30. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  31.  
  32. MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
  33. MOD - C:\Program Files\Notepad++\plugins\NppFTP.dll ()
  34. MOD - C:\Program Files\Notepad++\plugins\NppExport.dll ()
  35. MOD - C:\Program Files\WinRAR\RarExt.dll ()
  36. MOD - C:\Program Files\ClamWin\bin\ExpShell.dll ()
  37.  
  38.  
  39. [color=#E56717]========== Services (SafeList) ==========[/color]
  40.  
  41. SRV - (Tssdis) -- C:\WINDOWS\System32\tssdis.exe File not found
  42. SRV - (awhost32) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
  43. SRV - (DUAgent) -- C:\Program Files\Common Files\DUAgent.exe (Microsoft Corporation)
  44. SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
  45. SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
  46. SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
  47. SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
  48. SRV - (pvbbr) -- C:\WINDOWS\system32\phbikpjl.dll ()
  49.  
  50.  
  51. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  52.  
  53. DRV - (WDICA) -- File not found
  54. DRV - (PDRFRAME) -- File not found
  55. DRV - (PDRELI) -- File not found
  56. DRV - (PDFRAME) -- File not found
  57. DRV - (PDCOMP) -- File not found
  58. DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\DLKRTXP.SYS (D-Link Corp. )
  59. DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
  60. DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
  61. DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
  62. DRV - (DCamUSBIntel) -- C:\WINDOWS\system32\drivers\usbintel.sys (Microsoft Corporation)
  63. DRV - (AtmLane) -- C:\WINDOWS\system32\drivers\atmlane.sys (Microsoft Corporation)
  64. DRV - (AtmElan) -- C:\WINDOWS\system32\drivers\atmlane.sys (Microsoft Corporation)
  65. DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
  66. DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
  67. DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
  68. DRV - (awecho) -- C:\WINDOWS\system32\drivers\awechomd.sys (Symantec Corporation)
  69. DRV - (awlegacy) -- C:\WINDOWS\system32\drivers\AWLEGACY.sys (Symantec Corporation)
  70. DRV - (AW_HOST) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys (Symantec Corporation)
  71. DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
  72. DRV - (Gernuwa) -- C:\WINDOWS\System32\drivers\GERNUWA.sys (Symantec Corporation)
  73. DRV - (usbhub20) -- C:\WINDOWS\system32\drivers\usbhub20.sys (Microsoft Corporation)
  74. DRV - (hspci) -- C:\WINDOWS\system32\drivers\hspci.sys (Pigeon Point Systems)
  75. DRV - (busfiltr) -- C:\WINDOWS\system32\drivers\busfiltr.sys (Pigeon Point Systems)
  76. DRV - (Modem) -- C:\WINDOWS\System32\drivers\modem.cab ()
  77. DRV - (TDSPX) -- C:\WINDOWS\System32\drivers\tdspx.sys (Microsoft Corporation)
  78. DRV - (TDIPX) -- C:\WINDOWS\System32\drivers\tdipx.sys (Microsoft Corporation)
  79. DRV - (TDASYNC) -- C:\WINDOWS\System32\drivers\tdasync.sys (Microsoft Corporation)
  80. DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)
  81. DRV - (MSRIFFWV) -- C:\WINDOWS\system32\drivers\MSRIFFWV.sys (Microsoft Corporation)
  82. DRV - (MSFSIO) -- C:\WINDOWS\system32\drivers\MSFSIO.sys (Microsoft Corporation)
  83. DRV - (NtApm) -- C:\WINDOWS\system32\drivers\NtApm.sys (Microsoft Corporation)
  84. DRV - (Atmuni) -- C:\WINDOWS\system32\drivers\atmuni.sys (Microsoft Corporation)
  85. DRV - (Rawwan) -- C:\WINDOWS\system32\drivers\rawwan.sys (Microsoft Corporation)
  86. DRV - (ATMEPVCP) -- C:\WINDOWS\system32\drivers\atmepvc.sys (Microsoft Corporation)
  87. DRV - (ATMEPVCM) -- C:\WINDOWS\system32\drivers\atmepvc.sys (Microsoft Corporation)
  88.  
  89.  
  90. [color=#E56717]========== Standard Registry (All) ==========[/color]
  91.  
  92.  
  93. [color=#E56717]========== Internet Explorer ==========[/color]
  94.  
  95. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
  96. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  97. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
  98. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  99. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
  100. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
  101. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
  102.  
  103.  
  104. IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  105.  
  106. IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  107.  
  108.  
  109.  
  110. IE - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
  111. IE - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
  112. IE - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  113. IE - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
  114. IE - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
  115. IE - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  116.  
  117.  
  118.  
  119.  
  120. O1 HOSTS File: ([2001/08/23 04.00.00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
  121. O1 - Hosts: 127.0.0.1 localhost
  122. O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
  123. O3 - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
  124. O3 - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
  125. O3 - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
  126. O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
  127. O4 - HKLM..\Run: [Avvio] C:\AvvioHen.exe (Kinetcs tecnologi)
  128. O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
  129. O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
  130. O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
  131. O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
  132. O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
  133. O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
  134. O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
  135. O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
  136. O4 - HKU\.DEFAULT..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
  137. O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
  138. O4 - HKU\S-1-5-18..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
  139. O4 - HKU\S-1-5-19..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
  140. O4 - HKU\S-1-5-19..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
  141. O4 - HKU\S-1-5-20..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
  142. O4 - HKU\S-1-5-20..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
  143. O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
  144. O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check(4).lnk = C:\WINDOWS\system32\spool\drivers\W32X86\3\E_SRCV04.EXE (SEIKO EPSON CORPORATION)
  145. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
  146. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
  147. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
  148. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
  149. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
  150. O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  151. O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
  152. O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  153. O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
  154. O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  155. O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
  156. O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  157. O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
  158. O7 - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  159. O7 - HKU\S-1-5-21-456101603-2550089097-4274871763-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
  160. O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
  161. O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
  162. O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  163. O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
  164. O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  165. O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  166. O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  167. O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  168. O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
  169. O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
  170. O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  171. O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  172. O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  173. O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  174. O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  175. O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  176. O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  177. O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  178. O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  179. O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  180. O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  181. O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  182. O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  183. O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  184. O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  185. O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  186. O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  187. O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  188. O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  189. O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  190. O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  191. O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  192. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{294517DB-8AFC-416E-922F-B4438D910400}: DhcpNameServer = 192.168.1.70
  193. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80476FD4-39EE-44E9-BC02-A227B6A5EFCE}: NameServer = 212.216.112.112,212.216.172.62
  194. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD4F72BC-CFF2-4F6E-84E5-FB69B30A64CB}: NameServer = 212.216.112.112,212.216.172.62
  195. O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
  196. O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  197. O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
  198. O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  199. O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  200. O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  201. O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  202. O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
  203. O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
  204. O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  205. O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
  206. O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
  207. O18 - Protocol\Handler\ipp - No CLSID value found
  208. O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
  209. O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
  210. O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
  211. O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  212. O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
  213. O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
  214. O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  215. O18 - Protocol\Handler\msdaipp - No CLSID value found
  216. O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
  217. O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
  218. O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
  219. O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
  220. O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
  221. O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
  222. O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
  223. O18 - Protocol\Handler\vnd.ms.radio - No CLSID value found
  224. O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
  225. O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
  226. O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
  227. O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
  228. O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  229. O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  230. O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  231. O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  232. O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
  233. O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  234. O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
  235. O20 - HKLM Winlogon: UserInit - (%windir%\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
  236. O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
  237. O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
  238. O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
  239. O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
  240. O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
  241. O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
  242. O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
  243. O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
  244. O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
  245. O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
  246. O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
  247. O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
  248. O20 - Winlogon\Notify\SSOExec: DllName - (%windir%\temp\sso\ssoexec.dll) - File not found
  249. O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
  250. O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
  251. O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
  252. O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
  253. O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
  254. O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
  255. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
  256. O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
  257. O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
  258. O24 - Desktop Components:0 (My Current Home Page) - About:Home
  259. O24 - Desktop WallPaper: C:\WINDOWS\SFONDO.BMP
  260. O24 - Desktop BackupWallPaper: C:\WINDOWS\SFONDO.BMP
  261. O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
  262. O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
  263. O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
  264. O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
  265. O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
  266. O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
  267. O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
  268. O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
  269. O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
  270. O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
  271. O32 - HKLM CDRom: AutoRun - 1
  272. O32 - AutoRun File - [2010/11/21 18.42.12 | 000,000,122 | ---- | M] () - E:\autorun.inf.old.txt -- [ FAT32 ]
  273. O32 - AutoRun File - [2012/10/27 17.28.02 | 000,000,000 | -HSD | M] - E:\autorun.inf -- [ FAT32 ]
  274. O33 - MountPoints2\{3ded38e5-3fab-11de-aaa0-00e04c0c7d51}\Shell - "" = AutoRun
  275. O33 - MountPoints2\{3ded38e5-3fab-11de-aaa0-00e04c0c7d51}\Shell\AutoRun - "" = Auto&Play
  276. O33 - MountPoints2\{3ded38e5-3fab-11de-aaa0-00e04c0c7d51}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
  277. O33 - MountPoints2\{51a8a640-47e2-11df-abaa-0011955ff6c5}\Shell - "" = AutoRun
  278. O33 - MountPoints2\{51a8a640-47e2-11df-abaa-0011955ff6c5}\Shell\AutoRun - "" = Auto&Play
  279. O33 - MountPoints2\{51a8a640-47e2-11df-abaa-0011955ff6c5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
  280. O33 - MountPoints2\{51a8a641-47e2-11df-abaa-0011955ff6c5}\Shell - "" = AutoRun
  281. O33 - MountPoints2\{51a8a641-47e2-11df-abaa-0011955ff6c5}\Shell\AutoRun - "" = Auto&Play
  282. O33 - MountPoints2\{51a8a641-47e2-11df-abaa-0011955ff6c5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
  283. O35 - HKLM\..comfile [open] -- "%1" %*
  284. O35 - HKLM\..exefile [open] -- "%1" %*
  285. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  286. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  287. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  288. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  289.  
  290. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  291.  
  292. [2012/10/27 17.50.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEN\Start Menu\Programs\Notepad++
  293. [2012/10/27 17.50.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
  294. [2012/10/27 17.50.15 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
  295. [2012/10/27 17.50.15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEN\Application Data\Notepad++
  296. [2012/10/23 17.57.15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEN\Desktop\Locandine da Importare
  297. [2012/10/23 16.31.10 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
  298. [2012/10/23 16.31.10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\INETIT.DLL
  299. [2012/10/23 16.31.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Loc Ness
  300. [2012/10/23 16.30.45 | 000,000,000 | ---D | C] -- C:\Loc-Ness
  301. [2005/09/09 10.33.42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DUAgent.exe
  302.  
  303. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  304.  
  305. [2012/10/26 16.52.48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
  306. [2012/10/23 16.31.10 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Loc Ness.lnk
  307.  
  308. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  309.  
  310. [2012/10/23 16.31.10 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Loc Ness.lnk
  311. [2005/10/28 11.00.15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\HEN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  312. [2005/10/28 10.17.00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HEN\Application Data\dm.ini
  313.  
  314. [color=#E56717]========== ZeroAccess Check ==========[/color]
  315.  
  316. [2005/09/09 11.49.49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
  317.  
  318. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  319.  
  320. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  321.  
  322. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  323. "" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/03 23.56.46 | 001,483,264 | ---- | M] (Microsoft Corporation)
  324. "ThreadingModel" = Apartment
  325.  
  326. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  327. "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/03 23.56.44 | 000,472,064 | ---- | M] (Microsoft Corporation)
  328. "ThreadingModel" = Free
  329.  
  330. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  331. "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/03 23.56.48 | 000,273,920 | ---- | M] (Microsoft Corporation)
  332. "ThreadingModel" = Both
  333.  
  334. [color=#E56717]========== LOP Check ==========[/color]
  335.  
  336. [2012/10/27 17.50.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEN\Application Data\Notepad++
  337.  
  338. [color=#E56717]========== Purity Check ==========[/color]
  339.  
  340.  
  341.  
  342. < End of report >