Solved: System32/services.exe and svchost.exe


Krugan
Join Date: Jul 2012
21-Jul-2012, 04:12 PM #1
Hello everybody, I'm a new user and I hope someone can help me to solve my problem.

So, today I got the System32/services.exe trojan. AVG found the malware but it can't be removed because it says it's whitelisted. Then I tried to run Malwarebytes, which removed some malware but couldn't even find that one. However, I noticed Malwarebytes is blocking services.exe from accessing malicious servers, and sometimes it is also blocking a svchost.exe process. I'll add the HJT log and DDS log and I hope someone can help me.

EDIT: Now AVG Resident Shield is also telling me that I have another trojan in c:\Windows\assembly\GAC_32\Desktop.ini. Is this related to the previous one? Maybe it's the one that keeps moving my icons to the left side of the screen.

I have Windows 7 Professional 64 bit, so I can't run GMER.

HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:07:15, on 21/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\mirko\AppData\Local\Akamai\netsession_win.exe
C:\Users\mirko\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\mirko\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={806FD0B5-A0D5-45A3-BFCE-1A755CE1353C}&mid=4bd6029807b035d452131f7ee7de6f1b-2bda72e50462ed927c6052c61b6c684c89a702e2&lang=it&ds=gm011&pr=sa&d=2012-03-24 23:01:43&v=10.2.0.3&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll
R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Supporti Registrazione test Web Microsoft 10.0 - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\mirko\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = mirko\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14430 bytes

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by mirko at 22:09:01 on 2012-07-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.4095.2473 [GMT 2:00]
.
AV: AVG Internet Security Business Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Users\mirko\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Users\mirko\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\mirko\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://isearch.avg.com/?cid={806FD0B5-A0D5-45A3-BFCE-1A755CE1353C}&mid=4bd6029807b035d452131f7ee7de6f1b-2bda72e50462ed927c6052c61b6c684c89a702e2&lang=it&ds=gm011&pr=sa&d=2012-03-24 23:01:43&v=10.2.0.3&sap=hp
uSearch Bar =
mStart Page = ${URL_STARTPAGE}
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: PHPNukeIT Toolbar: {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: PHPNukeIT Toolbar: {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO: PHPNukeIT Toolbar: {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Supporti Registrazione test Web Microsoft 10.0: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: PHPNukeIT Toolbar: {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {E3393495-8103-46A0-8181-270273EDDD60} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Registrazione test Web 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Akamai NetSession Interface] "C:\Users\mirko\AppData\Local\Akamai\netsession_win.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\mirko\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mirko\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\mirko\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MY_AUT~1.LNK - C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{881048FC-B8CF-488F-9BC0-6513B8335347} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8C3B691C-6CBF-434A-ADE0-BE790807A435} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{0FB6A909-6086-458F-BD92-1F8EE10042A0}
{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DDA57003-0068-4ed2-9D32-4D1EC707D94D}
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}
{30F9B915-B755-4826-820B-08FBA6BD249D}
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {E3393495-8103-46A0-8181-270273EDDD60} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mirko\AppData\Roaming\Mozilla\Firefox\Profiles\ou3mn0ne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.ftp - 92.249.112.114
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 92.249.112.114
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 92.249.112.114
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 92.249.112.114
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 92.249.112.114
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-11-13 90112]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-4-10 294912]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;C:\Windows\system32\DRIVERS\AN983X64.sys --> C:\Windows\system32\DRIVERS\AN983X64.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio di Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-18 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-18 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 StorSvc;Servizio di archiviazione;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 Tomcat6;Apache Tomcat 6;C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2011-2-2 74240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-18 68440]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-4-22 124256]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-07-21 15:18:06 388096 ----a-r- C:\Users\mirko\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-21 15:18:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-07-21 14:34:38 -------- d-----w- C:\Users\mirko\AppData\Roaming\Malwarebytes
2012-07-21 14:34:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-21 14:34:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-21 14:34:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-21 13:50:18 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-29 13:52:47 -------- d-----w- C:\Users\mirko\AppData\Local\AMD
2012-06-29 13:49:08 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-06-29 13:48:23 -------- d-----w- C:\ProgramData\AMD
2012-06-29 13:48:20 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-06-29 13:48:18 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-06-29 13:45:34 -------- d-----w- C:\AMD
2012-06-28 22:37:51 -------- d-----w- C:\ProgramData\Tarma Installer
2012-06-28 22:37:13 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-28 08:36:52 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M ====================
.
2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 11:48:34 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-06-11 11:48:30 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-26 16:35:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-26 16:35:51 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-17 22:32:47 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-17 22:32:47 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-17 16:49:03 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-17 14:38:05 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2009-08-20 09:46:28 9819136 ----a-w- C:\Program Files\openofficeorg31.msi
2009-03-26 10:36:32 451928 ----a-w- C:\Program Files\setup.exe
2002-03-11 09:06:30 1822520 ----a-w- C:\Program Files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- C:\Program Files\instmsia.exe
.
============= FINISH: 22:09:33,80 ===============

Last edited by Krugan; 21-Jul-2012 at 04:20 PM. Reason: adding more info
Krugan
Member with 8 posts.
THREAD STARTER
Join Date: Jul 2012
22-Jul-2012, 06:58 PM #2
bump
kevinf80 (Kevin)
Malware Removal Specialist with 9,570 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
23-Jul-2012, 02:21 AM #3
Hello Krugan and welcome to TSG,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind it is advisable to back up any important data before we begin. Go Here and follow the instructions specific for your operating system.

Please proceed as follows :-

Step 1

Close all windows, select > start icon > all programs > accessories > right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then tap enter. Type exit, tap enter, then re-boot your PC.

***Note the space between sfc and /scannow

Step 2

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
Krugan
Member with 8 posts.
THREAD STARTER
Join Date: Jul 2012
23-Jul-2012, 01:35 PM #4
I know it's in Italian, if I can help in some way just ask.

ComboFix 12-07-24.01 - mirko 23/07/2012 20:27:20.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.4095.2524 [GMT 2:00]
Eseguito da: c:\users\mirko\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\mirko\AppData\Local\assembly\tmp
c:\users\mirko\AppData\Roaming\.#
c:\users\mirko\AppData\Roaming\PriceGong
c:\users\mirko\AppData\Roaming\PriceGong\Data\1.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\a.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\b.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\c.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\d.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\e.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\f.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\g.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\h.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\i.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\J.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\k.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\l.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\m.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\n.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\o.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\p.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\q.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\r.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\s.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\t.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\u.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\v.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\w.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\x.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\y.xml
c:\users\mirko\AppData\Roaming\PriceGong\Data\z.xml
c:\windows\_detmp.2
c:\windows\_detmp.4
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\@
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\L\00000004.@
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\L\201d3dde
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\00000004.@
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\00000008.@
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\000000cb.@
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\80000000.@
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\80000032.@
c:\windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\80000064.@
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-23 al 2012-07-23 )))))))))))))))))))))))))))))))))))
.
.
2012-07-23 18:34 . 2012-07-23 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 15:18 . 2012-07-21 15:18 388096 ----a-r- c:\users\mirko\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-21 15:18 . 2012-07-21 15:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\users\mirko\AppData\Roaming\Malwarebytes
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 14:34 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 13:50 . 2012-07-21 13:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-29 13:52 . 2012-06-29 13:52 -------- d-----w- c:\users\mirko\AppData\Local\AMD
2012-06-29 13:52 . 2012-06-29 13:52 -------- d-----w- c:\programdata\ATI
2012-06-29 13:49 . 2012-06-29 13:49 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-29 13:48 . 2012-06-29 13:48 -------- d-----w- c:\programdata\AMD
2012-06-29 13:48 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-06-29 13:48 . 2012-06-29 13:48 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-06-29 13:45 . 2012-06-29 13:45 -------- d-----w- C:\AMD
2012-06-28 22:37 . 2012-06-28 22:37 -------- d-----w- c:\programdata\Tarma Installer
2012-06-28 22:37 . 2012-06-28 22:37 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-28 22:37 . 2012-06-28 22:37 191264 ----a-w- c:\windows\system32\javaws.exe
2012-06-28 22:37 . 2012-06-28 22:37 172320 ----a-w- c:\windows\system32\javaw.exe
2012-06-28 22:37 . 2012-06-28 22:37 172320 ----a-w- c:\windows\system32\java.exe
2012-06-28 08:36 . 2012-06-28 08:36 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 11:48 . 2012-06-11 11:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-02 22:19 . 2012-06-21 11:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:09 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:09 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:09 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 11:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-26 16:35 . 2012-05-26 16:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-26 16:35 . 2011-06-18 18:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-17 22:32 . 2012-05-17 15:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-17 22:32 . 2012-05-17 14:38 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-17 16:49 . 2012-05-17 14:38 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-17 14:38 . 2012-05-17 14:38 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2009-08-20 09:46 . 2009-08-20 09:46 9819136 ----a-w- c:\program files\openofficeorg31.msi
2009-03-26 10:36 . 2009-03-26 10:36 451928 ----a-w- c:\program files\setup.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\program files (x86)\PHPNukeIT\tbPHPN.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2010-06-13 17:10 2734688 ----a-w- c:\program files (x86)\PHPNukeIT\tbPHPN.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\program files (x86)\PHPNukeIT\tbPHPN.dll" [2010-06-13 2734688]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Akamai NetSession Interface"="c:\users\mirko\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-06-05 2171904]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-05-25 1768960]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mirko\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
My_AutoWarkey_Script.lnk - c:\program files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ALSysIO;ALSysIO;c:\users\mirko\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-04-03 35840]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 Tomcat6;Apache Tomcat 6;c:\program files (x86)\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2011-02-02 74240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R3 X6va001;X6va001;c:\users\mirko\AppData\Local\Temp\00128B0.tmp [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256]
R4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-13 834544]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-23 202752]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-15 122880]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-04-10 294912]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [2005-05-19 48128]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-06-02 1207808]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 00:03]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 00:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-05-11 8126464]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={806FD0B5-A0D5-45A3-BFCE-1A755CE1353C}&mid=4bd6029807b035d452131f7ee7de6f1b-2bda72e50462ed927c6052c61b6c684c89a702e2&lang=it&ds=gm011&pr=sa&d=2012-03-24 23:01&v=10.2.0.3&sap=hp
mStart Page = ${URL_STARTPAGE}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\mirko\AppData\Roaming\Mozilla\Firefox\Profiles\ou3mn0ne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.ftp - 92.249.112.114
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 92.249.112.114
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 92.249.112.114
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 92.249.112.114
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 92.249.112.114
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{e3393495-8103-46a0-8181-270273eddd60} - (no file)
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\mirko\AppData\Local\Temp\00128B0.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3561338919-1994117086-2426925317-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{062A24E1-A0D3-E60E-EBED-BB6318BD17C3}*]
"iaadlbklfamcmakkfd"=hex:6a,61,6f,6c,70,6d,6a,6c,6b,6d,6e,6b,67,69,6e,70,65,6c,
67,69,00,00
"hakcnenlkleccedl"=hex:6a,61,6f,6c,70,6d,6a,6c,6b,6d,6e,6b,67,69,6e,70,65,6c,
67,69,00,00
"iaecdamkibbhklmoga"=hex:63,61,64,6d,61,6e,00,00
"dbfobkbkaoafpogikejdjegphlmhnmgkmccnafkf"=hex:68,61,70,61,66,67,67,62,67,6f,
66,64,67,6f,61,66,00,00
"jbfobkbkaoafpogikejdgjedbdigkdpiomencecifiapmfahgflf"=hex:68,61,70,61,66,67,
67,62,67,6f,66,64,67,6f,61,66,00,00
"dbfobkbkaoafpogikejdeehncfgfnbfehcobgbhd"=hex:6a,61,6b,6d,6a,67,6a,6f,6c,61,
69,6c,6b,65,6d,61,6b,68,6f,64,00,00
"dbhonkmikmhnapcbhaeemlaffmokejbebhnfoghb"=hex:68,61,70,61,66,67,67,62,67,6f,
66,64,67,6f,61,66,00,00
"jbhonkmikmhnapcbhaeedmgopkloangnfoodhlpdfacjopnpmgoo"=hex:68,61,70,61,66,67,
67,62,67,6f,66,64,67,6f,61,66,00,00
"dbhonkmikmhnapcbhaeennjcfjijomhgegbdbnck"=hex:62,61,6b,6d,00,00
.
[HKEY_USERS\S-1-5-21-3561338919-1994117086-2426925317-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AC0497BE-6CDE-ED46-74FF-0E7529A188B1}*]
"paidgioonnaggomkljchbdkodkkinofd"=hex:61,62,64,6d,63,68,6d,6a,68,6a,6d,6c,6c,
69,6b,6a,61,61,63,65,6f,6c,62,64,63,6e,63,64,68,6f,6b,62,6b,6d,00,77
.
[HKEY_USERS\S-1-5-21-3561338919-1994117086-2426925317-1000\Software\SecuROM\License information*]
"datasecu"=hex:1a,f1,cd,f2,ac,c4,59,5b,8b,15,73,9c,59,44,ba,20,46,76,7b,a4,8e,
19,bc,ce,9c,e0,05,8b,7e,66,5a,dc,54,0d,8d,c7,ca,25,7d,b6,84,0c,26,c5,58,a9, \
"rkeysecu"=hex:ad,55,35,3e,96,e3,f1,1d,06,b0,6d,37,4d,60,14,5d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-23 20:42:04 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-23 18:42
.
Pre-Run: 139.196.231.680 byte disponibili
Post-Run: 139.240.898.560 byte disponibili
.
- - End Of File - - 0C57C14814FA78972C5A48EFC77A0F27

Last edited by Krugan; 23-Jul-2012 at 02:59 PM.. Reason: adding log
kevinf80 (Kevin)
Malware Removal Specialist with 9,570 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
24-Jul-2012, 03:04 PM #5
Apologies for late reply, I'm currently in Newcastle RVI having been diagnosed with a rather large aneurysm to the left side of the brain. I've had a diagnostic angiogram and am still waiting to find out the next step. It will be a repair of some sort, either by angiogram or invasive surgery. I will find out at some point tomorrow....

OK for now we continue:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Killall::
File::
c:\windows\SysWow64\%APPDATA%
c:\program files\setup.exe
Folder::
c:\program files (x86)\PHPNukeIT
c:\program files (x86)\ConduitEngine
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"=-
[-HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
Firefox::
FF - ProfilePath - c:\users\mirko\AppData\Roaming\Mozilla\Firefox\Profiles\ou3mn0ne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
RegNull::
[HKEY_USERS\S-1-5-21-3561338919-1994117086-2426925317-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{062A24E1-A0D3-E60E-EBED-BB6318BD17C3}*]
[HKEY_USERS\S-1-5-21-3561338919-1994117086-2426925317-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AC0497BE-6CDE-ED46-74FF-0E7529A188B1}*]
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Post those two logs in next reply...

Kevin
Krugan
Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2012
25-Jul-2012, 03:30 PM #6
COMBOFIX

ComboFix 12-07-24.01 - mirko 25/07/2012 0:28.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.4095.2713 [GMT 2:00]
Eseguito da: c:\users\mirko\Desktop\ComboFix.exe
Opzioni usate :: c:\users\mirko\Desktop\CFScript.txt
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\setup.exe"
"c:\windows\SysWow64\%APPDATA%"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\program files (x86)\PHPNukeIT
c:\program files (x86)\PHPNukeIT\INSTALL.LOG
c:\program files (x86)\PHPNukeIT\PHPNukeITToolbarHelper.exe
c:\program files (x86)\PHPNukeIT\tbPHP0.dll
c:\program files (x86)\PHPNukeIT\tbPHP1.dll
c:\program files (x86)\PHPNukeIT\tbPHPN.dll
c:\program files (x86)\PHPNukeIT\toolbar.cfg
c:\program files (x86)\PHPNukeIT\UNWISE.EXE
c:\program files (x86)\PHPNukeIT\UNWISE.INI
c:\program files\setup.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-24 al 2012-07-24 )))))))))))))))))))))))))))))))))))
.
.
2012-07-24 22:35 . 2012-07-24 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 15:18 . 2012-07-21 15:18 388096 ----a-r- c:\users\mirko\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-21 15:18 . 2012-07-21 15:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\users\mirko\AppData\Roaming\Malwarebytes
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 14:34 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 13:50 . 2012-07-21 13:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-29 13:52 . 2012-06-29 13:52 -------- d-----w- c:\users\mirko\AppData\Local\AMD
2012-06-29 13:52 . 2012-06-29 13:52 -------- d-----w- c:\programdata\ATI
2012-06-29 13:49 . 2012-06-29 13:49 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-29 13:48 . 2012-06-29 13:48 -------- d-----w- c:\programdata\AMD
2012-06-29 13:48 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-06-29 13:48 . 2012-06-29 13:48 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-06-29 13:45 . 2012-06-29 13:45 -------- d-----w- C:\AMD
2012-06-28 22:37 . 2012-06-28 22:37 -------- d-----w- c:\programdata\Tarma Installer
2012-06-28 22:37 . 2012-06-28 22:37 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-28 22:37 . 2012-06-28 22:37 191264 ----a-w- c:\windows\system32\javaws.exe
2012-06-28 22:37 . 2012-06-28 22:37 172320 ----a-w- c:\windows\system32\javaw.exe
2012-06-28 22:37 . 2012-06-28 22:37 172320 ----a-w- c:\windows\system32\java.exe
2012-06-28 08:36 . 2012-06-28 08:36 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 11:48 . 2012-06-11 11:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-02 22:19 . 2012-06-21 11:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:09 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:09 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:09 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 11:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-26 16:35 . 2012-05-26 16:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-26 16:35 . 2011-06-18 18:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-17 22:32 . 2012-05-17 15:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-17 22:32 . 2012-05-17 14:38 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-17 16:49 . 2012-05-17 14:38 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-17 14:38 . 2012-05-17 14:38 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2009-08-20 09:46 . 2009-08-20 09:46 9819136 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_18.35.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-05 17:39 . 2012-07-24 21:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-05 17:39 . 2012-07-06 18:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-23 16:49 . 2012-07-24 21:02 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-23 16:49 . 2012-07-23 18:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-24 21:02 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 18:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 16:44 . 2012-07-24 22:39 26000 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-24 22:39 26110 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-13 16:09 . 2012-07-24 22:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 16:09 . 2012-07-23 18:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 16:09 . 2012-07-23 18:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 16:09 . 2012-07-24 22:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 22:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 18:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 16:23 . 2012-07-24 22:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 16:23 . 2012-07-24 22:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 16:23 . 2012-07-24 22:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 16:23 . 2012-07-24 22:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 16:23 . 2012-07-24 22:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 16:29 . 2012-07-24 22:39 4972 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3561338919-1994117086-2426925317-1000_UserData.bin
- 2012-07-23 18:35 . 2012-07-23 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 22:36 . 2012-07-24 22:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 18:35 . 2012-07-23 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-24 22:36 . 2012-07-24 22:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-23 18:34 530728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-24 22:36 530728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-23 18:03 1474560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 21:02 1474560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-18 01:53 . 2012-07-23 18:34 2824456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3561338919-1994117086-2426925317-1000-12288.dat
+ 2011-03-18 01:53 . 2012-07-24 22:36 2824456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3561338919-1994117086-2426925317-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Akamai NetSession Interface"="c:\users\mirko\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-06-05 2171904]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-05-25 1768960]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mirko\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
My_AutoWarkey_Script.lnk - c:\program files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ALSysIO;ALSysIO;c:\users\mirko\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-04-03 35840]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 Tomcat6;Apache Tomcat 6;c:\program files (x86)\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2011-02-02 74240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256]
R4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-13 834544]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-23 202752]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-15 122880]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-04-10 294912]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [2005-05-19 48128]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-06-02 1207808]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 00:03]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 00:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-05-11 8126464]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={806FD0B5-A0D5-45A3-BFCE-1A755CE1353C}&mid=4bd6029807b035d452131f7ee7de6f1b-2bda72e50462ed927c6052c61b6c684c89a702e2&lang=it&ds=gm011&pr=sa&d=2012-03-24 23:01&v=10.2.0.3&sap=hp
mStart Page = ${URL_STARTPAGE}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\mirko\AppData\Roaming\Mozilla\Firefox\Profiles\ou3mn0ne.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.ftp - 92.249.112.114
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 92.249.112.114
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 92.249.112.114
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 92.249.112.114
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 92.249.112.114
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-PHPNukeIT Toolbar - c:\progra~2\PHPNUK~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3561338919-1994117086-2426925317-1000\Software\SecuROM\License information*]
"datasecu"=hex:1a,f1,cd,f2,ac,c4,59,5b,8b,15,73,9c,59,44,ba,20,46,76,7b,a4, 8e,
19,bc,ce,9c,e0,05,8b,7e,66,5a,dc,54,0d,8d,c7,ca,25,7d,b6,84,0c,26,c5,58,a9, \
"rkeysecu"=hex:ad,55,35,3e,96,e3,f1,1d,06,b0,6d,37,4d,60,14,5d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-25 00:43:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-24 22:43
ComboFix2.txt 2012-07-23 18:42
.
Pre-Run: 137.695.113.216 byte disponibili
Post-Run: 137.630.810.112 byte disponibili
.
- - End Of File - - 19C15081FCE31E642E8453035A41FAE8

ESETScan

C:\Qoobox\Quarantine\C\Windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd68ff688f25ef.0000 Win64/Patched.B.Gen trojan

ESET LOG

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=33a37aaa55bffb4194c30c50c28c21a2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-25 07:21:53
# local_time=2012-07-25 09:21:53 (+0100, ora legale Europa occidentale)
# country="Italy"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 351487 351487 0 0
# compatibility_mode=1024 16777215 100 0 19868898 19868898 0 0
# compatibility_mode=5893 16776574 100 94 44587255 94865223 0 0
# compatibility_mode=8192 67108863 100 0 65356 65356 0 0
# scanned=413735
# found=3
# cleaned=0
# scan_time=8740
C:\Qoobox\Quarantine\C\Windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\00000008.@.vir Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\Installer\{583df56a-6992-7a85-841f-5746c3487f3c}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd68ff688f25ef.0000 Win64/Patched.B.Gen trojan (unable to clean) 00000000000000000000000000000000 I
kevinf80 (Kevin)
Malware Removal Specialist with 9,570 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
26-Jul-2012, 04:54 AM #7
Hiya Krugan,

Apologies for the delay, unfortunately I cannot continue your thread for now due to circumstances outwith my control. I've asked one of the other guys to take over.

Thank you for your understanding,

Kevin
kevinf80 (Kevin)
Malware Removal Specialist with 9,570 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
27-Jul-2012, 06:49 AM #8
Apologies again for the delay, I thought one of the other guys would have picked up your thread. I'm currently in hospital waiting for an operation; this will not take place until Tues or Weds, so I'll continue.

OK, do the following please:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    ipconfig /flushdns /c
    c:\windows\SysWow64\%APPDATA%
    C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd68ff688f2 5ef.0000
    :Commands
    [EmptyTemp]
    [ResetHosts]
    [ClearAllRestorePoints]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log, also give an update on any remaining issues or concerns. Can you also tell me if the Internet proxy overrides in Internet Explorer and Firefox are known to you?

Thanks,

Kevin..
Krugan
Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2012
27-Jul-2012, 04:26 PM #9
The log is here

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\mirko\Desktop\cmd.bat deleted successfully.
C:\Users\mirko\Desktop\cmd.txt deleted successfully.
c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
c:\windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
c:\windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
c:\windows\SysWow64\%APPDATA% folder moved successfully.
File/Folder C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd68ff688f2 5ef.0000 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mirko
->Temp folder emptied: 29217652 bytes
->Temporary Internet Files folder emptied: 8532489 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1165566138 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 68262 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 298122 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 47057944 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50455 bytes
RecycleBin emptied: 8425280 bytes

Total Files Cleaned = 1.201,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.21.0 log created on 07272012_221010

Files moved on Reboot...
C:\Users\mirko\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3352.log moved successfully.
File C:\Windows\temp\hsperfdata_MIRKO-PC$\1628 not found!

Registry entries deleted on Reboot...

My only issue now is that yesterday AVG resident shield found some malware in some cookies related to Skype, but I didn't remove them because I thought it could interfere with your cleaning procedure.

Also, there is this proxy in my Firefox configuration: 92.249.112.114 (manual). I don't know what it is, maybe I used it long ago and forgot to remove it. I don't see any proxy in my IE configuration, I don't use IE at all.
kevinf80 (Kevin)
Malware Removal Specialist with 9,570 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
27-Jul-2012, 05:25 PM #10
We need to run CFScript fix one more time as follows:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Killall::
DDS::
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
Firefox::
FF - ProfilePath - c:\users\mirko\AppData\Roaming\Mozilla\Firefox\Profiles\ou3mn0ne.default\
FF - prefs.js: network.proxy.ftp - 92.249.112.114
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 92.249.112.114
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 92.249.112.114
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 92.249.112.114
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 92.249.112.114
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 4
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Let me see that log. You can let AVG deal with any cookies it finds. Tell me how your system responds and any remaining issues you may have....

Kevin
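
The proxy entries listed in the CFScript above come from the "FF - prefs.js:" and "ProxyOverride" lines of the supplementary scan. The following Python script is an added example, not part of the thread and not code from ComboFix or DDS: it pulls those lines out of a log, pairs each proxy host with its port, classifies the host as loopback, private or public, and reports whether Firefox is actually set to use the manual entries. The function names are made up for this example, the sample text is built from lines of the log above, and the meaning of the network.proxy.type numbers is taken from Firefox's preference documentation rather than from the thread.

```python
import ipaddress
import re

# Firefox network.proxy.type values (from Firefox preference documentation,
# an assumption added here; the thread itself does not explain them).
PROXY_MODES = {
    0: "direct (no proxy)",
    1: "manual",
    2: "PAC URL",
    4: "auto-detect (WPAD)",
    5: "system settings",
}

FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
IE_OVERRIDE = re.compile(r"^[um]Internet Settings,ProxyOverride = (.*)$")

# Sample input constructed from lines of the supplementary scan in this thread.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.http - 92.249.112.114
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 92.249.112.114
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.type - 4
"""


def parse_ff_prefs(log_text):
    """Return {pref_name: value} for every 'FF - prefs.js:' line."""
    prefs = {}
    for line in log_text.splitlines():
        match = FF_PREF.match(line.strip())
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    return prefs


def parse_ie_override(log_text):
    """Return the entries of the Internet Explorer ProxyOverride value, if any."""
    for line in log_text.splitlines():
        match = IE_OVERRIDE.match(line.strip())
        if match:
            return [entry for entry in match.group(1).split(";") if entry]
    return []


def classify_host(host):
    """Label a proxy host as loopback, private, public, or a hostname."""
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if address.is_loopback:
        return "loopback"
    if address.is_private:
        return "private"
    return "public"


def proxy_report(prefs):
    """Summarise the Firefox proxy configuration found in the parsed prefs."""
    raw_type = prefs.get("network.proxy.type")
    if raw_type is None:
        mode_num, mode = None, "not set in prefs.js"
    elif raw_type.isdigit():
        mode_num = int(raw_type)
        mode = PROXY_MODES.get(mode_num, "unknown (%s)" % raw_type)
    else:
        mode_num, mode = None, "unknown (%s)" % raw_type

    endpoints = []
    for scheme in ("http", "ssl", "ftp", "socks", "gopher"):
        host = prefs.get("network.proxy." + scheme)
        if not host:
            continue
        port = prefs.get("network.proxy.%s_port" % scheme, "")
        endpoints.append(
            (scheme, host, int(port) if port.isdigit() else None, classify_host(host))
        )

    # Hosts outside the machine and the local network deserve a closer look.
    review = sorted({host for _, host, _, scope in endpoints
                     if scope in ("public", "hostname")})
    return {
        "mode": mode,
        "manual_in_use": mode_num == 1,
        "endpoints": endpoints,
        "review": review,
    }


if __name__ == "__main__":
    report = proxy_report(parse_ff_prefs(SAMPLE_LOG))
    print("Firefox proxy mode:", report["mode"])
    print("Manual entries in use:", report["manual_in_use"])
    for scheme, host, port, scope in report["endpoints"]:
        print("  %-6s %s:%s (%s)" % (scheme, host, port, scope))
    print("Hosts to review:", ", ".join(report["review"]) or "none")
    print("IE ProxyOverride entries:", parse_ie_override(SAMPLE_LOG))
```
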
Krugan
Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2012
28-Jul-2012, 03:33 AM #11
ComboFix 12-07-24.01 - mirko 27/07/2012 23:33:41.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.4095.2804 [GMT 2:00]
Eseguito da: c:\users\mirko\Desktop\ComboFix.exe
Opzioni usate :: c:\users\mirko\Desktop\CFScript.txt
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-27 al 2012-07-27 )))))))))))))))))))))))))))))))))))
.
.
2012-07-27 21:39 . 2012-07-27 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 20:10 . 2012-07-27 20:10 -------- d-----w- C:\_OTM
2012-07-26 20:35 . 2012-07-26 20:35 -------- d-----w- c:\users\mirko\temp
2012-07-26 20:35 . 2012-07-26 20:35 -------- d-----w- c:\program files (x86)\TeamViewer
2012-07-24 22:46 . 2012-07-24 22:46 -------- d-----w- c:\program files (x86)\ESET
2012-07-21 15:18 . 2012-07-21 15:18 388096 ----a-r- c:\users\mirko\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-21 15:18 . 2012-07-21 15:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\users\mirko\AppData\Roaming\Malwarebytes
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-21 14:34 . 2012-07-21 14:34 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 14:34 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 13:52 . 2012-06-29 13:52 -------- d-----w- c:\users\mirko\AppData\Local\AMD
2012-06-29 13:52 . 2012-06-29 13:52 -------- d-----w- c:\programdata\ATI
2012-06-29 13:49 . 2012-06-29 13:49 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-29 13:48 . 2012-06-29 13:48 -------- d-----w- c:\programdata\AMD
2012-06-29 13:48 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-06-29 13:48 . 2012-06-29 13:48 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-06-29 13:45 . 2012-06-29 13:45 -------- d-----w- C:\AMD
2012-06-28 22:37 . 2012-06-28 22:37 -------- d-----w- c:\programdata\Tarma Installer
2012-06-28 22:37 . 2012-06-28 22:37 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-28 22:37 . 2012-06-28 22:37 191264 ----a-w- c:\windows\system32\javaws.exe
2012-06-28 22:37 . 2012-06-28 22:37 172320 ----a-w- c:\windows\system32\javaw.exe
2012-06-28 22:37 . 2012-06-28 22:37 172320 ----a-w- c:\windows\system32\java.exe
2012-06-28 08:36 . 2012-06-28 08:36 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 11:48 . 2012-06-11 11:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-02 22:19 . 2012-06-21 11:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:09 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:09 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:09 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 11:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-26 16:35 . 2012-05-26 16:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-26 16:35 . 2011-06-18 18:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-17 22:32 . 2012-05-17 15:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-17 22:32 . 2012-05-17 14:38 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-17 16:49 . 2012-05-17 14:38 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-17 14:38 . 2012-05-17 14:38 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2009-08-20 09:46 . 2009-08-20 09:46 9819136 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_18.35.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-05 17:39 . 2012-07-24 21:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-05 17:39 . 2012-07-06 18:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-23 16:49 . 2012-07-23 18:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-23 16:49 . 2012-07-25 16:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-25 16:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 18:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 16:44 . 2012-07-27 20:16 26692 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-27 20:16 26190 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-13 16:09 . 2012-07-27 21:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 16:09 . 2012-07-23 18:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 16:09 . 2012-07-27 21:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 16:09 . 2012-07-23 18:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 21:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 18:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 16:23 . 2012-07-27 20:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 16:23 . 2012-07-27 20:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 16:23 . 2012-07-27 20:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 16:23 . 2012-07-27 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 16:23 . 2012-07-27 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-13 16:23 . 2012-07-23 18:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-25 19:53 . 2012-07-25 19:53 5464 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\zo02htub.default\pluginreg.dat
+ 2009-11-13 16:29 . 2012-07-27 20:16 5124 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3561338919-1994117086-2426925317-1000_UserData.bin
+ 2012-07-27 21:40 . 2012-07-27 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 18:35 . 2012-07-23 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 21:40 . 2012-07-27 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 18:35 . 2012-07-23 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-23 18:34 530728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-27 21:39 530728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-16 20:47 . 2012-05-16 20:47 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-07-26 20:29 . 2012-07-26 20:29 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2011-03-18 01:53 . 2012-07-27 21:39 2824456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3561338919-1994117086-2426925317-1000-12288.dat
- 2011-03-18 01:53 . 2012-07-23 18:34 2824456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3561338919-1994117086-2426925317-1000-12288.dat
+ 2012-07-26 20:28 . 2012-07-26 20:28 19337216 c:\windows\Installer\46511c.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Akamai NetSession Interface"="c:\users\mirko\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-06-05 2171904]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-05-25 1768960]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mirko\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
My_AutoWarkey_Script.lnk - c:\program files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-04-03 35840]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 Tomcat6;Apache Tomcat 6;c:\program files (x86)\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2011-02-02 74240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256]
R4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-13 834544]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-23 202752]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-15 122880]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-04-10 294912]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [2005-05-19 48128]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-06-02 1207808]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 00:03]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 00:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\mirko\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-05-11 8126464]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={806FD0B5-A0D5-45A3-BFCE-1A755CE1353C}&mid=4bd6029807b035d452131f7ee7de6f1b-2bda72e50462ed927c6052c61b6c684c89a702e2&lang=it&ds=gm011&pr=sa&d=2012-03-24 23:01&v=10.2.0.3&sap=hp
mStart Page = ${URL_STARTPAGE}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\mirko\AppData\Roaming\Mozilla\Firefox\Profiles\ou3mn0ne.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3561338919-1994117086-2426925317-1000\Software\SecuROM\License information*]
"datasecu"=hex:1a,f1,cd,f2,ac,c4,59,5b,8b,15,73,9c,59,44,ba,20,46,76,7b,a4, 8e,
19,bc,ce,9c,e0,05,8b,7e,66,5a,dc,54,0d,8d,c7,ca,25,7d,b6,84,0c,26,c5,58,a9, \
"rkeysecu"=hex:ad,55,35,3e,96,e3,f1,1d,06,b0,6d,37,4d,60,14,5d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-27 23:46:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-27 21:46
ComboFix2.txt 2012-07-24 22:43
ComboFix3.txt 2012-07-23 18:42
.
Pre-Run: 137.152.040.960 byte disponibili
Post-Run: 136.631.709.696 byte disponibili
.
- - End Of File - - FF414662BADC62240C26E76DCBE02856


It seems like AVG can't remove those cookies, I can only add an exception.
kevinf80 (Kevin)
Malware Removal Specialist with 9,570 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
28-Jul-2012, 07:50 AM #12
Ok, install and run the following, see if that will deal with the cookies:

Please download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post that log, let me know how your system is responding and what issues remain.

Kevin
Krugan
Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2012
29-Jul-2012, 07:45 AM #13
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/29/2012 at 01:31 PM

Application Version : 5.5.1012

Core Rules Database Version : 8977
Trace Rules Database Version: 6789

Scan type : Complete Scan
Total Scan Time : 02:16:45

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 622
Memory threats detected : 0
Registry items scanned : 69503
Registry threats detected : 0
File items scanned : 426661
File threats detected : 511

Adware.Tracking Cookie
.advertising.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adbrite.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
track1.httptrack.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.histats.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.histats.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.xiti.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.kontera.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.avgtechnologies.112.2o7.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ads.saymedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.saymedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
eas8.emediate.eu [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
eas8.emediate.eu [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
eas8.emediate.eu [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.solvemedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
tradefx.advertserve.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.histats.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adjuggler.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
forexyard.advertserve.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adnetwork.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.harrenmedianetwork.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.2o7.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s4.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tns-counter.ru [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
track12.solocpm.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
track12.solocpm.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.specificclick.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.mediafire.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ads2.iweb.cortica.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.oase00821.247realmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.yadro.ru [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
in.getclicky.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.collective-media.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.account.hirezstudios.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s10.flagcounter.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
track.solocpm.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.renault6.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.renault6.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.renault6.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.renault6.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ad1.emediate.dk [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
7.rotator.wigetmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.apmebf.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.acquista.mediasetpremium.it [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s44.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.2o7.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ad1.emediate.dk [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s4.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.pcworldcommunication.122.2o7.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s03.flagcounter.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.ad-emea.doubleclick.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s12.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s12.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.ad-emea.doubleclick.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adinterax.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adinterax.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
track.adform.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.zedo.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
track.solocpm.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ads1.zenoviaexchange.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s44.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s46.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.promocionesporno.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.etracker.de [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
track.adform.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adform.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
track.solocpm.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ads.ventivmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.hewlettpackard.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.hewlettpackard.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.hewlettpackard.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.hewlettpackard.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adformdsp.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.mmotraffic.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
adserver.gameads.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.liveperson.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.liveperson.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adbrite.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adbrite.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.e-2dj6wdlienajogo.stats.esomniture.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ads2.247activemedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.zedo.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s15.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
zbox.zanox.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
eas8.emediate.eu [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.mediafire.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.mediafire.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.mediafire.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.mediafire.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.mediafire.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.revsci.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.samsung3.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.samsung3.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.samsung3.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.samsung3.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.revsci.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.barilla.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.barilla.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.barilla.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.barilla.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.zedo.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.ru4.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.farmaceuticiciccarelli.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.farmaceuticiciccarelli.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.farmaceuticiciccarelli.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.farmaceuticiciccarelli.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
s2.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.shinystat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ox-d.secure-clicks.org [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.estat.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
imagevenue.advertserve.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
imagevenue.advertserve.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adserve.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adlegend.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adlegend.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.zedo.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.toplist.cz [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ads.crakmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
us.2.cqcounter.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.openstat.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ad.spreamedia.it [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.overture.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.quizilla.teennick.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.quizilla.teennick.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.teennick.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.overture.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
quizilla.teennick.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
quizilla.teennick.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
insight.torbit.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
de-fourmedia.videoplaza.tv [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.revsci.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.legolas-media.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.legolas-media.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ads1.solocpm.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ads1.solocpm.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.animeclick.it [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.animeclick.it [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.collective-media.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.syndication.traffichaus.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.syndication.traffichaus.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.adxpansion.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.statcounter.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.dmtracker.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.boursoramabanque.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.boursoramabanque.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.boursoramabanque.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.boursoramabanque.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.advertising.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.mediatraffic.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.bestwestern.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.bestwestern.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.bestwestern.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.bestwestern.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.revsci.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
tracking.hostgator.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.revsci.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.advertising.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.2o7.net [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.airoptixmultifocal.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.airoptixmultifocal.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.airoptixmultifocal.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.airoptixmultifocal.solution.weborama.fr [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.accounts.google.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.accounts.google.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
.accounts.google.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]
accounts.google.com [ C:\USERS\MIRKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OU3MN0NE.DEFAULT\CO OKIES.SQLITE ]

The system is responding fine, no slow down or strange alerts.
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,570 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
29-Jul-2012, 11:40 AM #14
OK, do the following:

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Step 2

Remove ESET online scanner:
  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

Step 3
  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

Step 4

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
If Java or Adobe is updated, please check under Start > Control Panel > Programs and Features, ensure any old versions are removed. <--- Very Important

Step 5

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to re-boot after a run, even if not prompted.

Let me know if those steps complete OK, also if any remaining issues or concerns...

Kevin
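Step 4 above asks for a check that no old Java or Adobe versions are left behind after updating. The following PowerShell sketch is an added example, not part of the original post: it reads the same uninstall registry entries that Programs and Features displays and flags product families with more than one entry. The name patterns and the helper name `Get-ProductFamily` are assumptions made for illustration.

```powershell
# Added example: list installed Java and Adobe products from the uninstall
# registry keys and flag families that appear more than once.
# Written to run on the PowerShell 2.0 that ships with Windows 7.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs on 64-bit Windows are registered under WOW6432Node.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name patterns; adjust them to the products on the machine.
$pattern = '^(Java(\(TM\))? \d|Adobe (Reader|Acrobat|Flash|AIR|Shockwave))'

# Hypothetical helper: reduce a display name to a product family.
function Get-ProductFamily([string]$DisplayName) {
    if ($DisplayName -match '^Java') {
        # 32-bit and 64-bit Java can legitimately coexist, so keep them apart.
        if ($DisplayName -match '64-bit') { return 'Java (64-bit)' }
        return 'Java (32-bit)'
    }
    # "Adobe Reader X (10.1.3)" -> "Adobe Reader"
    return (($DisplayName -split '\s+')[0..1] -join ' ')
}

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, DisplayVersion,
        @{ Name = 'Family'; Expression = { Get-ProductFamily $_.DisplayName } }

$report = $installed | Group-Object Family | ForEach-Object {
    $entries = $_.Group | ForEach-Object { '{0} [{1}]' -f $_.DisplayName, $_.DisplayVersion }
    New-Object PSObject -Property @{
        Family  = $_.Name
        Count   = $_.Count
        # More than one entry is only a prompt to look: the Flash ActiveX and
        # Plugin builds, for example, are separate entries of the same version.
        Status  = $(if ($_.Count -gt 1) { 'REVIEW' } else { 'OK' })
        Entries = ($entries -join '; ')
    }
}

$report | Select-Object Family, Count, Status, Entries | Format-Table -AutoSize -Wrap
```

Any family marked REVIEW should be compared against Programs and Features, and the older entry uninstalled from there.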
Krugan
Member with 8 posts.
THREAD STARTER
Join Date: Jul 2012
30-Jul-2012, 07:19 AM #15
Everything went ok and the system is running fine. Thanks a lot and good luck with your operation.