DDS (Ver_10-03-17.01) - NTFSx86
Run by tonicooperi at 14.31.53,54 on 02/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1012.80 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Programmi\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\FreePDF_XP\fpassist.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\SmartAssemblyHelper.exe
C:\WINDOWS\system32\DannyHost.exe
C:\Programmi\WebMoney Agent\wmagent.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\DAEMON Tools Pro\DTProAgent.exe
C:\Programmi\ICQ6.5\ICQ.exe
C:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe
C:\Programmi\Sandboxie\SbieCtrl.exe
C:\DOCUME~1\TONICO~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\tonicooperi\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\No-IP\DUC20.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\Vidalia Bundle\Tor\tor.exe
C:\Programmi\Vidalia Bundle\Polipo\polipo.exe
C:\WINDOWS\system32\mdm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\tonicooperi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=0&o=xph&d=1109&m=aoa150
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Skype] "c:\programmi\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\programmi\messenger\msmsgs.exe" /background
uRun: [DAEMON Tools Pro Agent] "c:\programmi\daemon tools pro\DTProAgent.exe"
uRun: [ICQ] "c:\programmi\icq6.5\ICQ.exe" silent
uRun: [Vidalia] "c:\programmi\vidalia bundle\vidalia\vidalia.exe"
uRun: [SandboxieControl] "c:\programmi\sandboxie\SbieCtrl.exe"
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\programmi\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [GrooveMonitor] "c:\programmi\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [FreePDF Assistant] c:\programmi\freepdf_xp\fpassist.exe
mRun: [NokiaMServer] c:\programmi\file comuni\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [QuickTime Task] "c:\programmi\quicktime\QTTask.exe" -atboottime
mRun: [SmartAssemblyHelper] "c:\windows\system32\SmartAssemblyHelper.exe"
mRun: [DannyHost] "c:\windows\system32\DannyHost.exe"
mRun: [wmagent.exe] "c:\programmi\webmoney agent\wmagent.exe"
StartupFolder: c:\docume~1\tonico~1\menuav~1\progra~1\esecuz~1\dropbox.lnk - c:\documents and settings\tonicooperi\dati applicazioni\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\tonico~1\menuav~1\progra~1\esecuz~1\no-ipd~1.lnk - c:\programmi\no-ip\DUC20.exe
StartupFolder: c:\docume~1\tonico~1\menuav~1\progra~1\esecuz~1\ritagl~1.lnk - c:\programmi\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\interv~1.lnk - c:\programmi\intervideo\common\bin\WinCinemaMgr.exe
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\programmi\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmi\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tonico~1\datiap~1\mozilla\firefox\profiles\vdkn7dv6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - http://wpad.polimi.it/wpad.dat
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - component: c:\programmi\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\opera\program\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2009-11-18 11608]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2009-11-18 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2009-11-18 51072]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2009-11-18 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2009-11-18 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-18 56816]
R3 SbieDrv;SbieDrv;c:\programmi\sandboxie\SbieDrv.sys [2010-4-17 115944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-24 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-24 8320]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-06-01 18:35:29 0 d-----w- c:\docume~1\tonico~1\datiap~1\Malwarebytes
2010-06-01 18:35:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 18:35:08 0 d-----w- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2010-06-01 18:35:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 18:35:05 0 d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-01 18:23:44 0 d-----w- c:\programmi\ESET
2010-06-01 15:56:06 0 d-----w- c:\programmi\Trend Micro
2010-05-31 14:13:50 64000 ----a-w- c:\windows\system32\ieframe.oca
2010-05-31 14:12:07 35840 ----a-w- c:\windows\system32\ComDlg32.oca
2010-05-31 14:12:06 22016 ----a-w- c:\windows\system32\MSWINSCK.oca
2010-05-31 14:12:03 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2010-05-30 23:22:50 0 d-----w- c:\docume~1\tonico~1\datiap~1\WebMoney
2010-05-30 23:21:33 0 d-----w- c:\programmi\WebMoney Agent
2010-05-30 23:20:48 0 d-----w- c:\programmi\WebMoney
2010-05-30 13:20:21 0 dc-h--w- c:\docume~1\alluse~1\datiap~1\{E6CA0070-F119-46D3-AFA3-A16FB84FEFA0}
2010-05-30 13:20:05 0 d-----w- c:\programmi\Eziriz
2010-05-30 08:39:02 0 d-----w- c:\docume~1\tonico~1\datiap~1\TeamViewer
2010-05-30 08:38:46 0 d-----w- c:\programmi\TeamViewer
2010-05-29 19:17:57 307200 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-29 19:15:09 233472 ----a-w- c:\windows\system32\fusion.dll
2010-05-29 19:14:00 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2010-05-29 19:01:06 0 d-----w- c:\docume~1\alluse~1\datiap~1\{smartassembly}
2010-05-29 19:00:41 0 d-----w- c:\programmi\{smartassembly}
2010-05-29 15:57:55 0 d-----w- c:\programmi\Microsoft SQL Server
2010-05-29 15:57:21 0 d-----w- c:\programmi\Microsoft Synchronization Services
2010-05-29 15:57:20 0 d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2010-05-29 15:51:18 0 d-----w- c:\programmi\Microsoft Help Viewer
2010-05-29 15:51:17 0 d-----w- c:\programmi\Microsoft Visual Studio 10.0
2010-05-29 13:45:57 165 ----a-w- c:\windows\system32\spupdsvc.inf
2010-05-28 20:41:39 185 ----a-w- c:\windows\mdm.ini
2010-05-28 20:41:24 288 ----a-w- c:\windows\ODBC.INI
2010-05-28 20:39:48 0 d-----w- c:\programmi\Web Publish
2010-05-28 20:29:12 7356 ----a-w- c:\windows\system32\javasup.vxd
2010-05-28 20:29:12 6550 ----a-w- c:\windows\jautoexp.dat
2010-05-28 20:29:12 42496 ----a-w- c:\windows\setdebug.exe
2010-05-28 20:29:12 313856 ----a-w- c:\windows\system32\dx3j.dll
2010-05-28 20:29:12 140048 ----a-w- c:\windows\system32\jit.dll
2010-05-28 20:29:12 135168 ----a-w- c:\windows\system32\javaee.dll
2010-05-28 15:23:46 0 d-----w- c:\programmi\No-IP
2010-05-27 18:17:33 0 d-----w- c:\docume~1\tonico~1\datiap~1\Dropbox
2010-05-27 14:13:04 0 d-----w- c:\programmi\UltraVPN
2010-05-26 22:33:57 0 d-----w- c:\windows\pss
2010-05-26 22:27:15 0 d-sh--r- c:\docume~1\tonico~1\datiap~1\recyclerr
2010-05-25 15:36:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-23 19:04:01 0 d-----w- c:\programmi\Siber Systems
2010-05-22 10:52:21 0 d-----r- C:\Sandbox
2010-05-22 10:52:12 1198 ----a-w- c:\windows\Sandboxie.ini
2010-05-22 10:52:04 0 d-----w- c:\programmi\Sandboxie
2010-05-22 08:46:01 0 d-----w- c:\docume~1\tonico~1\datiap~1\NoNameScript
2010-05-21 16:37:02 139 ----a-w- C:\TestICQ2.bin
2010-05-21 16:36:59 24243 ----a-w- c:\documents and settings\tonicooperi\check.ini
2010-05-18 20:52:39 0 d-----w- c:\programmi\HTTP-Tunnel
2010-05-18 18:30:29 0 d-----w- c:\docume~1\tonico~1\datiap~1\Tor
2010-05-18 18:30:26 0 d-----w- c:\programmi\Vidalia Bundle
2010-05-16 00:26:40 0 d-----w- c:\programmi\uTorrent
2010-05-13 17:25:35 0 d-----w- C:\GDPoker
2010-05-04 16:39:18 123856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-05-04 16:38:43 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-05-04 15:39:59 78848 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-06-02 10:48:31 1660 ----a-w- c:\windows\bthservsdp.dat
2010-05-29 13:43:51 558320 ----a-w- c:\windows\system32\perfh010.dat
2010-05-29 13:43:51 106098 ----a-w- c:\windows\system32\perfc010.dat
2010-05-02 22:33:36 39156 ----a-w- c:\windows\fonts\BILLY ARGEL TRIAL___.otf
2010-04-19 21:45:39 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-04-19 16:33:20 695578 ----a-w- c:\windows\system32\unins000.exe
2010-04-12 15:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-18 14:47:22 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16:28 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16:28 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16:28 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09:00 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09:00 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09:00 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09:00 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-18 07:15:26 80720 ----a-w- c:\windows\system32\mfcm100u.dll
2010-03-18 07:15:26 80208 ----a-w- c:\windows\system32\mfcm100.dll
2010-03-18 07:15:26 770384 ----a-w- c:\windows\system32\msvcr100.dll
2010-03-18 07:15:26 4368720 ----a-w- c:\windows\system32\mfc100u.dll
2010-03-18 07:15:26 4342088 ----a-w- c:\windows\system32\mfc100.dll
2010-03-18 07:15:26 421200 ----a-w- c:\windows\system32\msvcp100.dll
2010-03-18 07:15:26 138056 ----a-w- c:\windows\system32\atl100.dll
2010-03-10 06:15:53 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-11-18 08:02:53 32768 --sha-w- c:\windows\system32\config\systemprofile\impostazioni locali\cronologia\history.ie5\mshist012009111820091119\index.dat
2008-08-20 19:26:24 32768 --sha-w- c:\windows\system32\config\systemprofile\impostazioni locali\dati applicazioni\microsoft\feeds cache\index.dat

============= FINISH: 14.32.38,25 ===============