Full RAM and CPU caused by IIS process


1 reply to this topic

#1 Gnorro
New Member | 2 posts

Posted 22 September 2014 - 01:33 AM

Hi
 
I have a website written in classic ASP. Some days ago it started giving strange errors like:
"Memory exhausted" or "Cannot load DLL: RexExp"
 
During the day the IIS process consumes more and more RAM every hour until it is all used. At that point the website stops working.
 
The application has not been changed and has always worked well. So I would like to check for a worm.
 
Thanks for your help.
 
 
These are the OTL logs:
 
OTL.txt:
OTL logfile created on: 22/09/2014 09:14:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\sicurezza
64bit- Web Server Edition  (Version = 6.1.7600) - Type = NTServer
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
8,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 34,65% Memory free
16,01 Gb Paging File | 11,30 Gb Available in Paging File | 70,58% Paging File free
Paging file location(s): c:\pagefile.sys 0 0g:\pagefile.sys 16 9000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 60,34 Gb Free Space | 60,40% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 18,92 Gb Free Space | 37,85% Space Free | Partition Type: NTFS
Drive F: | 10,00 Gb Total Space | 6,63 Gb Free Space | 66,34% Space Free | Partition Type: NTFS
Drive G: | 20,00 Gb Total Space | 9,76 Gb Free Space | 48,80% Space Free | Partition Type: NTFS
Drive H: | 20,00 Gb Total Space | 2,65 Gb Free Space | 13,23% Space Free | Partition Type: NTFS
Drive I: | 9,98 Gb Total Space | 9,90 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
 
Computer Name: WIN-8UOS4TC5R57 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\sicurezza\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AMTU\Amazon Merchant Transport Utility.exe (Amazon Services)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe ()
PRC - C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
PRC - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (FileZilla Project)
PRC - C:\Windows\SysWOW64\inetsrv\w3wp.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\AMTU\.install4j\i4jinst.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ()
MOD - \\?\C:\Program Files\Helicon\ISAPI_Rewrite3\ISAPI_RewriteProxy.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - \\?\C:\Windows\SysWow64\inetsrv\asp.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV:64bit: - (sacsvr) -- C:\Windows\SysNative\sacsvr.dll (Microsoft Corporation)
SRV:64bit: - (FCRegSvc) -- C:\Windows\SysNative\FCRegSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (RSoPProv) -- C:\Windows\SysNative\rsopprov.exe (Microsoft Corporation)
SRV:64bit: - (SMTPSVC) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (DNS) -- C:\Windows\SysNative\dns.exe (Microsoft Corporation)
SRV - (AMTU) -- C:\Program Files (x86)\AMTU\Utilities\amtu_daemon_w.exe (Amazon Services)
SRV - (Applications Manager) -- C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe ()
SRV - (MsDepSvc) -- C:\Programmi\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation)
SRV - (xensvc) -- C:\Program Files (x86)\Citrix\XenTools\xenservice.exe (Citrix Systems, Inc.)
SRV - (FileZilla Server) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (FileZilla Project)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programmi\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- c:\Programmi\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (xenvbd) -- C:\Windows\SysNative\drivers\xenvbd.sys (Citrix Systems, Inc.)
DRV:64bit: - (xenevtchn) -- C:\Windows\SysNative\drivers\xevtchn.sys (Citrix Systems, Inc.)
DRV:64bit: - (Xennet6) -- C:\Windows\SysNative\drivers\xennet6.sys (Citrix Systems, Inc.)
DRV:64bit: - (scsifilt) -- C:\Windows\SysNative\drivers\scsifilt.sys (Citrix Systems, Inc.)
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sacdrv) -- C:\Windows\SysNative\drivers\sacdrv.sys (Microsoft Corporation)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ioatdma) -- C:\Windows\SysNative\drivers\qd260x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/12/18 19:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013/12/18 19:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/12/18 19:47:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\37.0.2062.120\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKCU..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Merchant Transport Utility.lnk = C:\Program Files (x86)\AMTU\Amazon Merchant Transport Utility.exe (Amazon Services)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Servizio AMTU.lnk = C:\Program Files (x86)\AMTU\Utilities\amtu_daemon_w.exe (Amazon Services)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: yeppon.it ([www] http in Siti attendibili)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BD81AB-2C97-41D6-AC2D-0B23CFE4C8FE}: NameServer = 80.247.64.80,80.247.64.81
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:64bit: sacsvr - C:\Windows\SysNative\sacsvr.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/20 14:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/09/20 14:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/09/18 16:25:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Roaming\Common
[2014/09/18 16:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\FileSeek
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/22 09:00:31 | 000,007,605 | ---- | M] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2014/09/22 08:49:00 | 000,001,192 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1740127141-2406406664-3586414466-500UA.job
[2014/09/21 13:49:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1740127141-2406406664-3586414466-500Core.job
[2014/09/21 10:52:36 | 000,018,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/21 10:52:36 | 000,018,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/20 16:37:49 | 002,058,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/20 16:37:49 | 000,887,420 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2014/09/20 16:37:49 | 000,785,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/20 16:37:49 | 000,208,140 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2014/09/20 16:37:49 | 000,174,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/20 16:32:45 | 000,266,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/20 16:32:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/20 14:12:17 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/09/12 00:52:23 | 000,002,364 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2014/09/20 14:12:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/04 20:08:59 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011/12/20 18:50:55 | 010,436,200 | ---- | C] () -- C:\Users\Administrator\prodotti_.sql
[2011/12/20 18:49:36 | 048,836,173 | ---- | C] () -- C:\Users\Administrator\prodotti.sql
[2011/12/20 17:40:16 | 000,038,878 | ---- | C] () -- C:\Users\Administrator\proc_bck.sql
[2011/04/21 14:15:21 | 000,007,605 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:58:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/27 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AstroGrep
[2014/09/18 16:25:25 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\Common
[2011/06/28 15:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Helios
[2011/04/21 12:29:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LopeSoft
[2011/04/15 13:00:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MySQL
[2011/12/20 15:32:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2014/05/09 12:26:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\S3Browser
[2014/09/22 09:17:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SQLyog
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/14 09:22:55 | 000,004,183 | ---- | M] () MD5=4CF10EA9BAB7750F41A7E154AECAF977 -- C:\Windows\PolicyDefinitions\it-IT\Explorer.adml
[2009/07/14 09:22:55 | 000,004,183 | ---- | M] () MD5=4CF10EA9BAB7750F41A7E154AECAF977 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0ba03a634e316689\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 22:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 22:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/14 09:22:35 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D871BB5958AEF9F493B330FCB533DE6B -- C:\Windows\SysWOW64\it-IT\explorer.exe.mui
[2009/07/14 09:22:35 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D871BB5958AEF9F493B330FCB533DE6B -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f8e6ec408bde811b\explorer.exe.mui
[2009/07/14 09:22:33 | 000,025,088 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\it-IT\explorer.exe.mui
[2009/07/14 09:22:33 | 000,025,088 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ee9241ee577dbf20\explorer.exe.mui
 
< MD5 for: IEXPLORE.EXE  >
[2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2010/12/18 08:17:48 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=700B40EA39DFB25517A81032F03D6D20 -- C:\Program Files\Internet Explorer\iexplore.exe
[2010/12/18 08:17:48 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=700B40EA39DFB25517A81032F03D6D20 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_0fa37b7a3e4ac7e9\iexplore.exe
[2010/12/18 08:11:10 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=8C6C32E4AF8A3D7155656F5897C504E0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1000d84b5789be20\iexplore.exe
[2010/12/18 07:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[2010/12/18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2010/12/18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[2009/07/14 03:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/07/14 09:23:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=25762CE531381E3240DF74F039B5744F -- C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
[2009/07/14 09:23:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=25762CE531381E3240DF74F039B5744F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_it-it_a0119e2b74b1b75f\iexplore.exe.mui
[2009/07/14 09:23:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=86D6B2902178405A6023BEE6088F4DFB -- C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui
[2009/07/14 09:23:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=86D6B2902178405A6023BEE6088F4DFB -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_it-it_95bcf3d94050f564\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 09:22:30 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\it-IT\services.exe.mui
[2009/07/14 09:22:30 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_it-it_529d01e809d121ed\services.exe.mui
 
< MD5 for: SERVICES.H  >
[2011/03/09 17:11:38 | 000,001,008 | ---- | M] () MD5=62DA1F2270CF73E0DA79DD0748D7E36B -- C:\Program Files\MySQL\MySQL Server 5.5\include\mysql\services.h
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 06:57:37 | 000,001,288 | ---- | M] () MD5=3B6166955B71EA2F1B1FB30F91982A14 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:57:37 | 000,001,288 | ---- | M] () MD5=3B6166955B71EA2F1B1FB30F91982A14 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/14 09:22:40 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysNative\it-IT\services.msc
[2009/07/14 09:22:32 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysWOW64\it-IT\services.msc
[2009/07/14 09:22:40 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8cded1d3e03abbe0\services.msc
[2009/07/14 09:22:32 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_30c0365027dd4aaa\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.VBS  >
[2011/08/26 17:58:36 | 000,001,654 | ---- | M] () MD5=A614493E2756A7E93746BD8ADAC3C995 -- C:\Program Files (x86)\ManageEngine\AppManager10\working\conf\application\scripts\services.vbs
 
< MD5 for: SERVICES.XML  >
[2011/08/26 17:58:36 | 000,000,588 | ---- | M] () MD5=560829A05258CE86EE5517B5AE30CFEC -- C:\Program Files (x86)\ManageEngine\AppManager10\working\conf\services.xml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/14 09:22:55 | 000,009,430 | ---- | M] () MD5=7A3DF5FA7925B53A60E9B3A0764A296B -- C:\Windows\PolicyDefinitions\it-IT\WinLogon.adml
[2009/07/14 09:22:55 | 000,009,430 | ---- | M] () MD5=7A3DF5FA7925B53A60E9B3A0764A296B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7da3cc58c0bdedf5\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 23:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 23:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2009/07/14 09:22:40 | 000,024,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\it-IT\winlogon.exe.mui
[2009/07/14 09:22:40 | 000,024,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b3984c5be7f26666\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/14 09:22:30 | 000,001,080 | ---- | M] () MD5=B5CE50ECD88A87597DE1E8DE71AC2ADF -- C:\Windows\SysNative\wbem\it-IT\winlogon.mfl
[2009/07/14 09:22:30 | 000,001,080 | ---- | M] () MD5=B5CE50ECD88A87597DE1E8DE71AC2ADF -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_it-it_115a9e27032abffb\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 22:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 22:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2011/10/04 23:14:03 | 000,000,083 | ---- | M] () -- C:\barni-once.ftp
[2014/03/04 18:42:33 | 000,000,105 | ---- | M] () -- C:\barni-once.txt
[2014/02/11 15:39:27 | 000,000,085 | ---- | M] () -- C:\barni-upload-once.txt
[2014/09/20 12:26:29 | 000,000,286 | ---- | M] () -- C:\blass-once.txt
[2011/10/25 11:59:45 | 000,000,172 | ---- | M] () -- C:\brevi-once.ftp
[2014/06/30 10:57:49 | 000,000,251 | ---- | M] () -- C:\castoldi-once.txt
[2014/09/11 16:52:31 | 000,000,105 | ---- | M] () -- C:\cea-upload-once.txt
[2014/06/11 10:01:02 | 000,000,138 | ---- | M] () -- C:\cometa-once.txt
[2011/09/27 22:51:23 | 000,000,075 | ---- | M] () -- C:\daicom-once.ftp
[2014/05/22 16:23:18 | 000,000,140 | ---- | M] () -- C:\derta-conferme-once.txt
[2014/05/21 15:38:08 | 000,000,099 | ---- | M] () -- C:\derta-upload-once.txt
[2012/02/08 01:49:24 | 003,414,547 | ---- | M] () -- C:\DIFOX-14955259.CSV
[2013/08/27 07:17:25 | 000,601,642 | ---- | M] () -- C:\DIFOX-14955259.csv.zip
[2014/04/24 17:24:39 | 000,000,184 | ---- | M] () -- C:\difox-once.ftp
[2011/09/27 22:43:25 | 000,000,083 | ---- | M] () -- C:\emmegi-once.ftp
[2014/03/04 18:46:59 | 000,000,109 | ---- | M] () -- C:\emmegi-once.txt
[2014/04/02 09:31:05 | 000,000,088 | ---- | M] () -- C:\esprinet-once.ftp
[2014/04/02 09:31:32 | 000,000,098 | ---- | M] () -- C:\esprinetc-once.ftp
[2014/04/02 09:31:20 | 000,000,094 | ---- | M] () -- C:\esprinetG-once.ftp
[2014/04/02 09:33:29 | 000,000,098 | ---- | M] () -- C:\esprinetimg-once.ftp
[2013/01/21 18:50:27 | 000,000,076 | ---- | M] () -- C:\esprinetPers-once.ftp
[2014/04/02 09:32:40 | 000,000,096 | ---- | M] () -- C:\esprinetquick-once.ftp
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2013/02/07 15:13:36 | 000,000,181 | ---- | M] () -- C:\executive-conferme-once.txt
[2011/12/23 13:35:22 | 000,000,102 | ---- | M] () -- C:\executive-once.ftp
[2013/02/07 13:01:53 | 000,000,111 | ---- | M] () -- C:\executive-upload-once.txt
[2012/03/27 14:22:04 | 000,003,676 | ---- | M] () -- C:\feedback pixmania.xml
[2014/05/21 15:44:44 | 000,000,139 | ---- | M] () -- C:\galimberti-conferme-once.txt
[2012/10/16 15:56:44 | 000,000,146 | ---- | M] () -- C:\galimberti-delete-once.bat
[2014/09/03 11:05:53 | 000,000,186 | ---- | M] () -- C:\galimberti-once.txt
[2014/04/24 17:25:23 | 000,000,098 | ---- | M] () -- C:\galimberti-upload-once.txt
[2014/06/09 09:01:43 | 000,000,085 | ---- | M] () -- C:\gfk-upload-once.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/06/28 12:25:38 | 000,000,063 | ---- | M] () -- C:\gross-once.ftp
[2012/10/04 14:20:48 | 000,000,166 | ---- | M] () -- C:\icecat.ftp
[2011/09/27 23:06:52 | 000,000,084 | ---- | M] () -- C:\idp-once.ftp
[2012/03/20 17:23:49 | 000,000,079 | ---- | M] () -- C:\ingram-once.ftp
[2012/03/20 17:31:38 | 000,000,085 | ---- | M] () -- C:\ingramD-once.ftp
[2012/03/28 10:51:26 | 000,000,085 | ---- | M] () -- C:\ingramT-once.ftp
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/09/27 23:17:35 | 000,000,112 | ---- | M] () -- C:\limbiati-once.ftp
[2011/07/12 20:54:28 | 004,627,635 | ---- | M] () -- C:\mysql-connector-c-noinstall-6.0.2-winx64-vs2005.zip
[2014/01/07 10:36:33 | 000,000,153 | ---- | M] () -- C:\once-brevi-daicom-idp.bat
[2011/07/09 12:55:38 | 000,000,239 | ---- | M] () -- C:\once-difox.bat
[2011/09/27 22:45:51 | 000,000,079 | ---- | M] () -- C:\once-emmegi.bat
[2013/01/23 13:05:43 | 000,000,218 | ---- | M] () -- C:\once-esprinet.bat
[2013/01/23 13:08:26 | 000,000,128 | ---- | M] () -- C:\once-esprinet_domenica.bat
[2014/03/27 16:28:12 | 000,000,468 | ---- | M] () -- C:\once-executive.bat
[2013/05/08 23:07:09 | 000,000,065 | ---- | M] () -- C:\once-galimberti.bat
[2011/07/09 12:57:46 | 000,000,219 | ---- | M] () -- C:\once-gross.bat
[2012/04/03 17:37:06 | 000,000,313 | ---- | M] () -- C:\once-hwtrade.bat
[2012/10/08 10:20:50 | 000,000,442 | ---- | M] () -- C:\once-icecat.bat
[2012/03/28 10:52:57 | 000,000,499 | ---- | M] () -- C:\once-ingram.bat
[2014/03/04 18:44:55 | 000,000,077 | ---- | M] () -- C:\once-limbiatibarni.bat
[2011/11/09 20:32:26 | 000,000,064 | ---- | M] () -- C:\once-pneus.bat
[2012/09/25 12:06:37 | 000,000,084 | ---- | M] () -- C:\once-store360-spedizioni.bat
[2012/04/17 18:16:32 | 000,000,073 | ---- | M] () -- C:\once-store360.bat
[2014/09/20 16:32:19 | 4290,367,487 | -HS- | M] () -- C:\pagefile.sys
[2014/02/02 02:05:47 | 000,000,303 | ---- | M] () -- C:\runner-once.txt
[2014/03/27 16:23:40 | 000,000,070 | ---- | M] () -- C:\siem-once.ftp
[2014/03/27 13:21:12 | 000,000,171 | ---- | M] () -- C:\siem-once.txt
[2014/05/12 17:00:22 | 000,000,118 | ---- | M] () -- C:\store360-giacenze.txt
[2012/09/25 12:05:55 | 000,000,101 | ---- | M] () -- C:\store360-once-spedizioni.ftp
[2014/05/15 09:40:06 | 000,000,124 | ---- | M] () -- C:\store360-once-spedizioni.txt
[2012/09/25 12:06:02 | 000,000,093 | ---- | M] () -- C:\store360-once.ftp
[2014/05/12 16:50:08 | 000,000,118 | ---- | M] () -- C:\store360-prodotti.txt
[2012/05/03 16:04:14 | 000,000,084 | ---- | M] () -- C:\store360-recupera-ordini.bat
[2012/05/03 16:23:31 | 000,000,134 | ---- | M] () -- C:\store360-recupera-ordini.ftp
[2014/05/12 15:55:12 | 000,000,159 | ---- | M] () -- C:\store360-recupera-ordini.txt
[2014/09/03 11:05:43 | 000,000,308 | ---- | M] () -- C:\tech-once.txt
[2014/07/30 19:27:00 | 000,392,460 | ---- | M] () -- C:\UPD32462.HTM
[2014/02/19 20:28:24 | 000,206,111 | ---- | M] () -- C:\UPD34876.CSV
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
[2010/04/23 00:02:29 | 002,087,619 | ---- | M] () -- C:\VS_EXPBSLN_x64_ita.CAB
[2010/04/23 00:05:16 | 000,554,496 | ---- | M] () -- C:\VS_EXPBSLN_x64_ita.MSI
[2013/02/18 23:54:12 | 009,200,984 | ---- | M] (Martin Prikryl) -- C:\WinSCP.exe
[2013/03/11 18:56:11 | 000,012,006 | ---- | M] () -- C:\WinSCP.ini
[2012/02/03 14:47:22 | 000,002,060 | ---- | M] () -- C:\yeppon.cer
 
< %systemroot%\Fonts\*.com >
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 06:57:55 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Il volume nell'unità C non ha etichetta.
 Numero di serie del volume: A8E9-E781
 Directory di C:\
14/07/2009  07:06    <JUNCTION>     Documents and Settings [C:\Users]
21/03/2011  15:25    <JUNCTION>     Programmi [C:\Program Files]
               0 File              0 byte
 Directory di C:\Program Files
21/03/2011  15:25    <JUNCTION>     File comuni [C:\Program Files\Common Files]
               0 File              0 byte
 Directory di C:\Program Files\Windows NT
21/03/2011  15:25    <JUNCTION>     Accessori [C:\Program Files\Windows NT\Accessories]
               0 File              0 byte
 Directory di C:\ProgramData
14/07/2009  07:06    <JUNCTION>     Application Data [C:\ProgramData]
21/03/2011  15:25    <JUNCTION>     Dati applicazioni [C:\ProgramData]
14/07/2009  07:06    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
21/03/2011  15:25    <JUNCTION>     Documenti [C:\Users\Public\Documents]
14/07/2009  07:06    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  07:06    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
21/03/2011  15:25    <JUNCTION>     Menu Avvio [C:\ProgramData\Microsoft\Windows\Start Menu]
21/03/2011  15:25    <JUNCTION>     Modelli [C:\ProgramData\Microsoft\Windows\Templates]
21/03/2011  15:25    <JUNCTION>     Preferiti [C:\Users\Public\Favorites]
14/07/2009  07:06    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  07:06    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File              0 byte
 Directory di C:\ProgramData\Microsoft\Windows\Start Menu
21/03/2011  15:25    <JUNCTION>     Programmi [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 File              0 byte
 Directory di C:\Users
14/07/2009  07:06    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  07:06    <JUNCTION>     Default User [C:\Users\Default]
               0 File              0 byte
 Directory di C:\Users\Administrator
21/03/2011  15:28    <JUNCTION>     Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
21/03/2011  15:28    <JUNCTION>     Dati applicazioni [C:\Users\Administrator\AppData\Roaming]
21/03/2011  15:28    <JUNCTION>     Documenti [C:\Users\Administrator\Documents]
21/03/2011  15:28    <JUNCTION>     Impostazioni locali [C:\Users\Administrator\AppData\Local]
21/03/2011  15:28    <JUNCTION>     Menu Avvio [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
21/03/2011  15:28    <JUNCTION>     Modelli [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
21/03/2011  15:28    <JUNCTION>     Recenti [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
21/03/2011  15:28    <JUNCTION>     Risorse di rete [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21/03/2011  15:28    <JUNCTION>     Risorse di stampa [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/03/2011  15:28    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
               0 File              0 byte
 Directory di C:\Users\Administrator\AppData\Local
21/03/2011  15:28    <JUNCTION>     Cronologia [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
21/03/2011  15:28    <JUNCTION>     Dati applicazioni [C:\Users\Administrator\AppData\Local]
21/03/2011  15:28    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File              0 byte
 Directory di C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu
21/03/2011  15:28    <JUNCTION>     Programmi [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 File              0 byte
 Directory di C:\Users\Administrator\Documents
21/03/2011  15:28    <JUNCTION>     Immagini [C:\Users\Administrator\Pictures]
21/03/2011  15:28    <JUNCTION>     Musica [C:\Users\Administrator\Music]
21/03/2011  15:28    <JUNCTION>     Video [C:\Users\Administrator\Videos]
               0 File              0 byte
 Directory di C:\Users\All Users
14/07/2009  07:06    <JUNCTION>     Application Data [C:\ProgramData]
21/03/2011  15:25    <JUNCTION>     Dati applicazioni [C:\ProgramData]
14/07/2009  07:06    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
21/03/2011  15:25    <JUNCTION>     Documenti [C:\Users\Public\Documents]
14/07/2009  07:06    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  07:06    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
21/03/2011  15:25    <JUNCTION>     Menu Avvio [C:\ProgramData\Microsoft\Windows\Start Menu]
21/03/2011  15:25    <JUNCTION>     Modelli [C:\ProgramData\Microsoft\Windows\Templates]
21/03/2011  15:25    <JUNCTION>     Preferiti [C:\Users\Public\Favorites]
14/07/2009  07:06    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  07:06    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File              0 byte
 Directory di C:\Users\All Users\Microsoft\Windows\Start Menu
21/03/2011  15:25    <JUNCTION>     Programmi [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 File              0 byte
 Directory di C:\Users\Classic .NET AppPool
21/03/2011  18:13    <JUNCTION>     Cookies [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Cookies]
21/03/2011  18:13    <JUNCTION>     Dati applicazioni [C:\Users\Classic .NET AppPool\AppData\Roaming]
21/03/2011  18:13    <JUNCTION>     Documenti [C:\Users\Classic .NET AppPool\Documents]
21/03/2011  18:13    <JUNCTION>     Impostazioni locali [C:\Users\Classic .NET AppPool\AppData\Local]
21/03/2011  18:13    <JUNCTION>     Menu Avvio [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
21/03/2011  18:13    <JUNCTION>     Modelli [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Templates]
21/03/2011  18:13    <JUNCTION>     Recenti [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Recent]
21/03/2011  18:13    <JUNCTION>     Risorse di rete [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21/03/2011  18:13    <JUNCTION>     Risorse di stampa [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/03/2011  18:13    <JUNCTION>     SendTo [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\SendTo]
               0 File              0 byte
 Directory di C:\Users\Classic .NET AppPool\AppData\Local
21/03/2011  18:13    <JUNCTION>     Cronologia [C:\Users\Classic .NET AppPool\AppData\Local\Microsoft\Windows\History]
21/03/2011  18:13    <JUNCTION>     Dati applicazioni [C:\Users\Classic .NET AppPool\AppData\Local]
21/03/2011  18:13    <JUNCTION>     Temporary Internet Files [C:\Users\Classic .NET AppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File              0 byte
 Directory di C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu
21/03/2011  18:13    <JUNCTION>     Programmi [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 File              0 byte
 Directory di C:\Users\Classic .NET AppPool\Documents
21/03/2011  18:13    <JUNCTION>     Immagini [C:\Users\Classic .NET AppPool\Pictures]
21/03/2011  18:13    <JUNCTION>     Musica [C:\Users\Classic .NET AppPool\Music]
21/03/2011  18:13    <JUNCTION>     Video [C:\Users\Classic .NET AppPool\Videos]
               0 File              0 byte
 Directory di C:\Users\Default
14/07/2009  07:06    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  07:06    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
21/03/2011  15:25    <JUNCTION>     Dati applicazioni [C:\Users\Default\AppData\Roaming]
21/03/2011  15:25    <JUNCTION>     Documenti [C:\Users\Default\Documents]
21/03/2011  15:25    <JUNCTION>     Impostazioni locali [C:\Users\Default\AppData\Local]
14/07/2009  07:06    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
21/03/2011  15:25    <JUNCTION>     Menu Avvio [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
21/03/2011  15:25    <JUNCTION>     Modelli [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
14/07/2009  07:06    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  07:06    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  07:06    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  07:06    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
21/03/2011  15:25    <JUNCTION>     Recenti [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
21/03/2011  15:25    <JUNCTION>     Risorse di rete [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21/03/2011  15:25    <JUNCTION>     Risorse di stampa [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  07:06    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  07:06    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  07:06    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File              0 byte
 Directory di C:\Users\Default\AppData\Local
14/07/2009  07:06    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
21/03/2011  15:25    <JUNCTION>     Cronologia [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
21/03/2011  15:25    <JUNCTION>     Dati applicazioni [C:\Users\Default\AppData\Local]
14/07/2009  07:06    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  07:06    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File              0 byte
 Directory di C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
21/03/2011  15:25    <JUNCTION>     Programmi [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 File              0 byte
 Directory di C:\Users\Default\Documents
21/03/2011  15:25    <JUNCTION>     Immagini [C:\Users\Default\Pictures]
21/03/2011  15:25    <JUNCTION>     Musica [C:\Users\Default\Music]
14/07/2009  07:06    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  07:06    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  07:06    <JUNCTION>     My Videos [C:\Users\Default\Videos]
21/03/2011  15:25    <JUNCTION>     Video [C:\Users\Default\Videos]
               0 File              0 byte
 Directory di C:\Users\Franco
06/07/2011  14:19    <JUNCTION>     Cookies [C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Cookies]
06/07/2011  14:19    <JUNCTION>     Dati applicazioni [C:\Users\Franco\AppData\Roaming]
06/07/2011  14:19    <JUNCTION>     Documenti [C:\Users\Franco\Documents]
06/07/2011  14:19    <JUNCTION>     Impostazioni locali [C:\Users\Franco\AppData\Local]
06/07/2011  14:19    <JUNCTION>     Menu Avvio [C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu]
06/07/2011  14:19    <JUNCTION>     Modelli [C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Templates]
06/07/2011  14:19    <JUNCTION>     Recenti [C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Recent]
06/07/2011  14:19    <JUNCTION>     Risorse di rete [C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/07/2011  14:19    <JUNCTION>     Risorse di stampa [C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/07/2011  14:19    <JUNCTION>     SendTo [C:\Users\Franco\AppData\Roaming\Microsoft\Windows\SendTo]
               0 File              0 byte
 Directory di C:\Users\Franco\AppData\Local
06/07/2011  14:19    <JUNCTION>     Cronologia [C:\Users\Franco\AppData\Local\Microsoft\Windows\History]
06/07/2011  14:19    <JUNCTION>     Dati applicazioni [C:\Users\Franco\AppData\Local]
06/07/2011  14:19    <JUNCTION>     Temporary Internet Files [C:\Users\Franco\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File              0 byte
 Directory di C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu
06/07/2011  14:19    <JUNCTION>     Programmi [C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 File              0 byte
 Directory di C:\Users\Franco\Documents
06/07/2011  14:19    <JUNCTION>     Immagini [C:\Users\Franco\Pictures]
06/07/2011  14:19    <JUNCTION>     Musica [C:\Users\Franco\Music]
06/07/2011  14:19    <JUNCTION>     Video [C:\Users\Franco\Videos]
               0 File              0 byte
 Directory di C:\Users\Public\Documents
21/03/2011  15:25    <JUNCTION>     Immagini [C:\Users\Public\Pictures]
21/03/2011  15:25    <JUNCTION>     Musica [C:\Users\Public\Music]
14/07/2009  07:06    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  07:06    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  07:06    <JUNCTION>     My Videos [C:\Users\Public\Videos]
21/03/2011  15:25    <JUNCTION>     Video [C:\Users\Public\Videos]
               0 File              0 byte
     Totale file elencati:
               0 File              0 byte
             117 Directory  64.793.096.192 byte disponibili
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/12 20:52:46 | 000,000,282 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2011/06/04 19:11:00 | 002,424,672 | ---- | M] () -- C:\Users\Administrator\Desktop\aspjpeg.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
 
 
Extras.Txt:
OTL Extras logfile created on: 22/09/2014 09:14:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\sicurezza
64bit- Web Server Edition  (Version = 6.1.7600) - Type = NTServer
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
8,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 34,65% Memory free
16,01 Gb Paging File | 11,30 Gb Available in Paging File | 70,58% Paging File free
Paging file location(s): c:\pagefile.sys 0 0g:\pagefile.sys 16 9000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 60,34 Gb Free Space | 60,40% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 18,92 Gb Free Space | 37,85% Space Free | Partition Type: NTFS
Drive F: | 10,00 Gb Total Space | 6,63 Gb Free Space | 66,34% Space Free | Partition Type: NTFS
Drive G: | 20,00 Gb Total Space | 9,76 Gb Free Space | 48,80% Space Free | Partition Type: NTFS
Drive H: | 20,00 Gb Total Space | 2,65 Gb Free Space | 13,23% Space Free | Partition Type: NTFS
Drive I: | 9,98 Gb Total Space | 9,90 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
 
Computer Name: WIN-8UOS4TC5R57 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1530AE04-FBD2-4ED6-81C4-8A2171B31F9C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2875792B-ED38-4892-89CD-38008CCA5470}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5F55ED72-1813-4D83-B10E-A77A56C9986F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{63ACF72C-BA9B-40C1-8967-5CE0B696CDAD}" = lport=5353 | protocol=17 | dir=in | app=c:\users\administrator\appdata\local\google\chrome\application\chrome.exe | 
"{6EF23BA4-1C44-4144-8FAD-3E0B7E283190}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8469D72F-70DE-422B-A815-162C3FBA980A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8CFBFC40-F9C4-46EE-8E9E-4DEB15CA0BBF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F521BA6-39BA-4959-8171-9D41ABA9E6E5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A0F2FAAF-024D-4434-B113-B7D7BC5D7DD3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A91DE358-9457-45E8-AA24-79CB6CF848A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE7E7B9A-7268-4C64-9A25-EB6A6A07000D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C299D68B-1E7E-4384-A664-CE1FCFD8EC42}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D5F07601-466D-4C52-822F-258690C59C5B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F2FAC96-F0EB-4BDA-A3A1-CE45426D4B16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{49F236DB-571E-4475-A6F5-3C38EF618C6F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6D8A75E5-0BD2-4A18-99B3-CFC7FE4AEA01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C78E4167-9A28-4469-A277-736ABD966E2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{117ED4B0-B064-4592-A31C-8A8CD831BF4B}" = MySQL Provider
"{128128EA-7894-3A77-ADDF-6369CAB005A9}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ITA
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86418005FF}" = Java 8 Update 5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{39DBFCB6-79C3-333B-9D35-0908D83EC67F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA
"{68862147-4194-48BB-91ED-DA68F53F2E3A}" = File di supporto installazione di Microsoft SQL Server 2008 
"{6C2BD58A-D277-472C-8D40-35A37E9178E7}" = Microsoft SQL Server VSS Writer
"{800AA5F5-DEC2-4E47-8596-E95CFAA69EDC}" = Microsoft SQL Server Compact 3.5 SP2 x64 ITA
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FCC813C-B109-3C9F-AC72-81EF11C5A670}" = Microsoft Help Viewer 1.1 Language Pack - ITA
"{90F99902-8BF4-4F3E-AAA7-46D66DEA707C}" = SQL Server 2008 R2 Database Engine Shared
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9673C92B-5CEB-4029-8C45-C5E3D5A6CA4A}" = Installazione di Microsoft SQL Server 2008 R2 (Italiano)
"{9B57A772-BC72-3430-A198-46D48D4F1CCA}" = Microsoft .NET Framework 4 Extended ITA Language Pack
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{AE5AC54B-38B8-4A65-A090-8F77F4E5F852}" = Helicon ISAPI_Rewrite 3
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{DB321C62-AD24-449E-859A-53A5F6C0270F}" = Microsoft Web Deploy 2.0
"{DDB30728-8F7C-4130-ABC3-386ACEC5AC09}" = SQL Server 2008 R2 Database Engine Services
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{F0F0ED67-0B07-4AC2-B34D-1A844591421D}" = SQL Server 2008 R2 Common Files
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F3D7BBAA-7412-4388-B510-11E145D2C48B}" = Microsoft Web Platform Installer 3.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7031258-A61A-4825-B893-B40F83917193}" = MySQL Server 5.5
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ITA Language Pack" = Microsoft .NET Framework 4 Extended - Language Pack (ITA)
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - ITA" = Microsoft Help Viewer 1.1 Language Pack - ITA
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64 bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64 bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA" = Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA
"S3 Browser_is1" = S3 Browser version 4.3.1
"SQLyogCommunity64" = SQLyog Community 12.01 (64 bit)
"WinRAR archiver" = WinRAR 5.10 beta 3 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{22F90F2E-1DA2-4801-A58C-FC3D13297749}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ITA
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{295BDBBD-D97E-4349-96F7-74A4500720DB}" = Microsoft SQL Server Browser
"{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58951FC6-706B-44BB-9670-49C5A4E8CB26}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.4.3
"{625991FA-1A48-4AD8-95D5-84A0C9896C9A}" = MySQL Workbench 6.1 CE
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{738ADB6C-C0BE-478D-B522-98D9DE8C6225}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools - ITA
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7CE14723-116F-4597-9321-9581FB17AE0A}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools - ITA
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-00D1-0410-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (Italian)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2200017-B0C5-42FA-9BCE-1E340CB90681}" = Microsoft Silverlight 3 SDK - Italiano
"{AA8422F1-BFFB-3215-9195-9179FE83AFE3}" = Microsoft Visual Web Developer 2010 Express - ITA
"{ACB6D28B-2D17-314C-9C6C-B597C0A3C15A}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B1522E4A-5303-4AEE-BBEF-F2DB18C812E7}" = IIS 7.5 Express
"{B1539B61-5EAE-4CE8-828B-FF8D57D59288}" = Microsoft ASP.NET MVC 3 - ITA
"{B201F8F2-E852-480B-831E-A2D6D5362979}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - ITA
"{B23B8C0C-DEAE-4147-AFD4-A000A67CB98C}" = Microsoft SQL Server Compact 3.5 SP2 ITA
"{B53F6597-2F8D-47EB-9A30-711AB3351539}" = Visual Studio 2010 SP1 Tools per SQL Server Compact 4.0 ITA
"{B5E6A45E-A794-49B3-B800-7F572E930DCE}" = Microsoft ASP.NET Web Pages - ITA
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BE8DCA37-A15A-4C0B-B601-D18AC34C944D}" = NuGet
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{EA14AFC9-F095-4E59-9CEA-53D05A5B2891}" = Microsoft Silverlight 4 SDK - Italiano
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EE75F5DE-959D-4E1C-8731-A1B7EB91E7C9}" = Microsoft ASP.NET MVC 2 - ITA
"{F7A9C5F8-DFB2-320E-AC5B-0E101FDDA658}" = Microsoft Visual C# 2010 Express - ITA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3614-7562-9356-7813" = Amazon Merchant Transport Utility 2.4.1
"7-Zip" = 7-Zip 9.20
"Citrix XenTools" = Citrix Tools for Virtual Machines
"FileZilla Server" = FileZilla Server (remove only)
"Microsoft Visual C# 2010 Express - ITA" = Microsoft Visual C# 2010 Express - ITA
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Web Developer 2010 Express - ITA" = Microsoft Visual Web Developer 2010 Express - ITA
"Mozilla Firefox 26.0 (x86 it)" = Mozilla Firefox 26.0 (x86 it)
"Notepad++" = Notepad++
"prof083111112546" = ManageEngine Applications Manager 10
"Windows Grep_is1" = Windows Grep 2.3
"WinMerge_is1" = WinMerge 2.14.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05/08/2014 04:42:30 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 05/08/2014 04:42:30 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 05/08/2014 04:42:37 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 05/08/2014 04:42:37 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 05/08/2014 04:43:21 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 05/08/2014 04:43:21 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 05/08/2014 04:43:26 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 05/08/2014 04:43:26 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 10/08/2014 10:49:06 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
Error - 16/09/2014 05:30:00 | Computer Name = WIN-8UOS4TC5R57 | Source = Active Server Pages | ID = 5
Description = 
 
[ System Events ]
Error - 21/09/2014 13:06:53 | Computer Name = WIN-8UOS4TC5R57 | Source = Schannel | ID = 36888
Description = Generato avviso di errore irreversibile: 10. Lo stato dell'errore 
interno è 1203.
 
Error - 21/09/2014 13:06:58 | Computer Name = WIN-8UOS4TC5R57 | Source = Schannel | ID = 36888
Description = Generato avviso di errore irreversibile: 10. Lo stato dell'errore 
interno è 1203.
 
Error - 21/09/2014 16:10:31 | Computer Name = WIN-8UOS4TC5R57 | Source = Schannel | ID = 36888
Description = Generato avviso di errore irreversibile: 10. Lo stato dell'errore 
interno è 904.
 
Error - 21/09/2014 17:03:10 | Computer Name = WIN-8UOS4TC5R57 | Source = UmrdpService | ID = 1111
Description = Il driver Send to Microsoft OneNote 15 Driver richiesto per la stampante
 Send To OneNote 2013 è sconosciuto. Contattare l'amministratore per installare 
il driver prima di eseguire una nuova connessione.
 
Error - 21/09/2014 17:03:11 | Computer Name = WIN-8UOS4TC5R57 | Source = UmrdpService | ID = 1111
Description = Il driver Nitro PDF Driver 9 richiesto per la stampante Nitro PDF 
Creator (Pro 9) è sconosciuto. Contattare l'amministratore per installare il driver
 prima di eseguire una nuova connessione.
 
Error - 21/09/2014 17:03:12 | Computer Name = WIN-8UOS4TC5R57 | Source = UmrdpService | ID = 1111
Description = Il driver Microsoft XPS Document Writer v4 richiesto per la stampante
 Microsoft XPS Document Writer è sconosciuto. Contattare l'amministratore per installare
 il driver prima di eseguire una nuova connessione.
 
Error - 21/09/2014 18:10:02 | Computer Name = WIN-8UOS4TC5R57 | Source = UmrdpService | ID = 1111
Description = Il driver Send to Microsoft OneNote 15 Driver richiesto per la stampante
 Send To OneNote 2013 è sconosciuto. Contattare l'amministratore per installare 
il driver prima di eseguire una nuova connessione.
 
Error - 21/09/2014 18:10:03 | Computer Name = WIN-8UOS4TC5R57 | Source = UmrdpService | ID = 1111
Description = Il driver Nitro PDF Driver 9 richiesto per la stampante Nitro PDF 
Creator (Pro 9) è sconosciuto. Contattare l'amministratore per installare il driver
 prima di eseguire una nuova connessione.
 
Error - 21/09/2014 18:10:03 | Computer Name = WIN-8UOS4TC5R57 | Source = UmrdpService | ID = 1111
Description = Il driver Microsoft XPS Document Writer v4 richiesto per la stampante
 Microsoft XPS Document Writer è sconosciuto. Contattare l'amministratore per installare
 il driver prima di eseguire una nuova connessione.
 
Error - 21/09/2014 18:35:22 | Computer Name = WIN-8UOS4TC5R57 | Source = TermDD | ID = 655416
Description = 
 
 
Hijack LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:29:47, on 22/09/2014
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files (x86)\AMTU\Amazon Merchant Transport Utility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
F:\sicurezza\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Amazon Merchant Transport Utility.lnk = C:\Program Files (x86)\AMTU\Amazon Merchant Transport Utility.exe
O4 - Startup: Servizio AMTU.lnk = C:\Program Files (x86)\AMTU\Utilities\amtu_daemon_w.exe
O15 - Trusted Zone: http://www.yeppon.it
O15 - ESC Trusted Zone: http://ftp.heanet.ie
O15 - ESC Trusted Zone: http://ignum.dl.sourceforge.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{00BD81AB-2C97-41D6-AC2D-0B23CFE4C8FE}: NameServer = 80.247.64.80,80.247.64.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{00BD81AB-2C97-41D6-AC2D-0B23CFE4C8FE}: NameServer = 80.247.64.80,80.247.64.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{00BD81AB-2C97-41D6-AC2D-0B23CFE4C8FE}: NameServer = 80.247.64.80,80.247.64.81
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMTU - Amazon Services - C:\Program Files (x86)\AMTU\Utilities\amtu_daemon_w.exe
O23 - Service: ManageEngine Applications Manager (Applications Manager) - Unknown owner - C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe
O23 - Service: @%systemroot%\system32\dns.exe,-49157 (DNS) - Unknown owner - C:\Windows\system32\dns.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\smtpsetup.exe,-1 (SMTPSVC) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Citrix Tools for Virtual Machines Service (xensvc) - Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\XenTools\xenservice.exe
 
--
End of file - 6469 bytes
 
< End of report >
 
 
DDS log:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64  
Run by Administrator at  9:31:08,16 on 22/09/2014
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.60.2
Microsoft Windows Web Server 2008 R2   6.1.7600.0.1252.39.1040.18.8188.5789 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe
C:\Windows\system32\dns.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\ManageEngine\AppManager10\working\jre\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Citrix\XenTools\xenservice.exe
C:\Windows\System32\svchost.exe -k termsvcs
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files (x86)\AMTU\Amazon Merchant Transport Utility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\rdpclip.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SQLyog Community\SQLyogCommunity.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
F:\sicurezza\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uDefault_Page_URL = res://iesetup.dll/SoftAdmin.htm
mWinlogon: Userinit=userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\AMTU\Amazon Merchant Transport Utility.exe
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SERVIZ~1.LNK - C:\Program Files (x86)\AMTU\Utilities\amtu_daemon_w.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ShowSuperHidden = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: yeppon.it\www
TCP: {00BD81AB-2C97-41D6-AC2D-0B23CFE4C8FE} = 80.247.64.80,80.247.64.81
LSA: Notification Packages = scecli rassfm
mASetup: {A509B1A7-37EF-4b3f-8CFC-4F3A74704073} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iesetup.dll",IEHardenAdmin
mASetup: {A509B1A8-37EF-4b3f-8CFC-4F3A74704073} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iesetup.dll",IEHardenUser
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\epp86j43.default\
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 scsifilt;scsifilt;C:\Windows\System32\drivers\scsifilt.sys [2010-5-20 52896]
R0 xenevtchn;xenevtchn;C:\Windows\System32\drivers\xevtchn.sys [2010-5-20 90784]
R0 xenvbd;xenvbd;C:\Windows\System32\drivers\xenvbd.sys [2010-5-20 162976]
R2 Applications Manager;ManageEngine Applications Manager;C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe [2011-8-31 126976]
R2 DNS;Server DNS;C:\Windows\System32\dns.exe [2009-7-14 695296]
R2 xensvc;Citrix Tools for Virtual Machines Service;C:\Program Files (x86)\Citrix\XenTools\xenservice.exe [2010-12-1 215040]
R3 Xennet6;Citrix PV Ethernet Adapter [NDIS6];C:\Windows\System32\drivers\xennet6.sys [2010-5-20 76448]
S0 sacdrv;sacdrv;C:\Windows\System32\drivers\sacdrv.sys [2009-7-14 96320]
S2 AMTU;AMTU;C:\Program Files (x86)\AMTU\Utilities\amtu_daemon_w.exe [2012-3-14 200192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FCRegSvc;Servizio di registrazione Microsoft per piattaforma Fibre Channel;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S3 ioatdma;Intel® QuickData Technology Device;C:\Windows\System32\drivers\qd260x64.sys [2009-6-10 35328]
S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-2-4 63304]
S3 RSoPProv;Provider Gruppo di criteri risultante;C:\Windows\System32\rsopprov.exe [2009-7-14 91648]
S3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 sacsvr;Helper console di amministrazione speciale;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
.
=============== Created Last 30 ================
.
2014-09-20 12:12:16 -------- d-----w- C:\Program Files\CCleaner
2014-09-18 14:25:25 -------- d-sh--w- C:\Users\ADMINI~1\AppData\Roaming\Common
2014-09-18 14:25:18 -------- d-----w- C:\Program Files\FileSeek
.
==================== Find3M  ====================
.
.
============= FINISH:  9:31:24,34 ===============

Edited by Gnorro, 22 September 2014 - 01:34 AM.


#2 Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 27 September 2014 - 01:50 PM

Hi Gnorro,

  :welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
 

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

 

 

Unfortunately, a lot of the tools we use don't work correctly with Windows Server editions. But, let's see what we can do.

I'd like some different scans please:

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check List BCD, Drivers MD5 or Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
