Goblo

Members
  • Content count

    277

All content by Goblo

  1. Hi Lisander, unfortunately it's not much better. I still see ads when using Chrome. The two reports are attached. Thanks for the support. AdwCleanerS2.txt hijackthis.log
  2. Hello everyone, I'm turning to you because I have a friend's laptop (Toshiba NB200) and I can't solve its problem in any way. Basically, if I turn on the PC and work on it for even just 5 minutes, and then try to restart it, or shut it down and want to turn it back on, the laptop won't turn on at all. The screen stays black and, even after several attempts, nothing changes. If, instead, I wait about an hour and try again, the PC starts and works perfectly. I also tried running scans with Avira and Malwarebytes Anti-Malware, but the problem persists. It's as if it were a temperature-related problem. To be safe, and to get your expert advice, I'm attaching the HJT log. Thanks a lot and have a good evening. hijackthis.log
  3. OK, thanks for the clarifications.
  4. Lisander, thanks for the reply. So the log is clean? Is there no software solution?
  5. Hello, I'm posting the HJT log as an attachment. For a few weeks I've noticed a fair slowdown in the PC's performance. Thanks a lot in advance. hijackthis.log
  6. Hi, I've finished this procedure and the PC seems even faster to me! May I know what kind of infection(s) was present and what it was about? Thanks again
  7. Definitely... definitely better. I'm not seeing any problems, but if I do I already know who to turn to, hehe. Thanks a lot for your patience!
  8. I did as instructed but, even after the reboot, no log was produced.
  9. Mr 4011, the PC is now running decidedly better; the response times for any operation have dropped a lot, and that's thanks to you.
  10. Hi Mr 4011, I ran OTL, but this last time something rather strange happened. 6 hidden files popped up on the desktop, two of them "desktop.ini" files and the other 4 .docx files, which I didn't open to be safe. Also, no log was produced.
  11. OTL logfile created on: 04/03/2013 11.56.22 - Run 2 OTL by OldTimer - Version 3.2.69.0
"ThreadingModel" = Both ========== LOP Check ========== [2013/02/07 17.57.16 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Camfrog [2011/09/03 23.23.49 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DAEMON Tools Lite [2013/03/04 11.35.44 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Dropbox [2011/12/08 22.36.44 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Electronic Arts [2010/03/30 17.23.16 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Ethereal [2012/02/16 16.36.17 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Feedreader [2011/08/18 09.48.42 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\GameRanger [2010/12/07 18.27.57 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\GlarySoft [2012/10/28 11.14.21 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\HandBrake [2009/11/22 20.06.21 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\InfraRecorder [2011/09/04 13.49.03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\IObit [2010/10/03 18.05.01 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Leadertech [2010/09/29 14.29.48 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Locktime [2010/09/28 19.40.51 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mkvtoolnix [2009/11/16 21.52.53 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\MSDict [2010/03/23 23.31.44 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Nokia [2010/03/01 21.15.57 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\PC Suite [2009/09/25 13.56.07 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\PCToolsFirewallPlus [2011/09/26 11.36.46 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\redsn0w [2009/12/03 16.32.05 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Softland [2011/09/08 09.58.17 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\SumatraPDF [2011/09/09 13.51.23 | 000,000,000 | ---D 
| M] -- C:\Users\Asus\AppData\Roaming\TeamViewer [2011/11/22 15.01.52 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\TmRecorder [2012/03/23 11.27.30 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\UDC Profiles [2013/02/21 17.43.40 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > :)
  12. Without any directive, as before, right?
  13. Here is the Combofix log. After the reboot, during the scan, the warning I have attached appeared. Have a nice weekend
  14. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 4.6.6 (02.27.2013:1)
      OS: Windows Vista Home Premium x86
      Ran by Asus on 01/03/2013 at 12.36.26,10
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ~~~ Services
      ~~~ Registry Values
      ~~~ Registry Keys
      Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll
      Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
      ~~~ Files
      ~~~ Folders
      ~~~ FireFox
      Successfully deleted: [Folder] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\78ljeyi4.default\extensions\LogMeInClient@logmein.com
      Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\78ljeyi4.default\minidumps [203 files]
      ~~~ Event Viewer Logs were cleared
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 01/03/2013 at 12.39.30,65
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Thank you so much, Mr 4011, you are very kind for the support you are giving me
  15. # AdwCleaner v2.113 - Logfile creato il 01/03/2013 alle 12:26:00
      # Aggiornamento 23/02/2013 by Xplode
      # Sistema Operativo : Windows Vista Home Premium Service Pack 2 (32 bits)
      # Utente : Asus - PC-ASUS
      # Modalità Avvio : Modalità Normale
      # Eseguito da : C:\Users\Asus\Desktop\AdwCleaner.exe
      # Opzioni [Elimina]
      ***** [servizi] *****
      ***** [File / Cartelle] *****
      Cartella Eliminato : C:\ProgramData\Babylon
      Cartella Eliminato : C:\Users\Asus\AppData\Local\Babylon
      Cartella Eliminato : C:\Users\Asus\AppData\Roaming\Babylon
      Cartella Eliminato : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\78ljeyi4.default\extensions\staged
      Cartella Eliminato : C:\Users\Asus\AppData\Roaming\pdfforge
      File Eliminato : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
      File Eliminato : C:\user.js
      ***** [Registro] *****
      Chiave Eliminata : HKCU\Software\APN PIP
      Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
      Chiave Eliminata : HKLM\Software\Babylon
      Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
      Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
      Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
      Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
      Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
      Chiave Eliminata : HKLM\Software\PIP
      ***** [browser Internet] *****
      -\\ Internet Explorer v9.0.8112.16464
      [OK] Registro Pulito.
      -\\ Mozilla Firefox v19.0 (it)
      File : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\78ljeyi4.default\prefs.js
      C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\78ljeyi4.default\user.js ... Eliminato !
      Eliminata : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
      Eliminata : user_pref("browser.search.defaultengine", "Ask.com");
      Eliminata : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
      Eliminata : user_pref("browser.search.order.1", "Search the web (Babylon)");
      Eliminata : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
      Eliminata : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
      Eliminata : user_pref("extensions.BabylonToolbar_i.babExt", "");
      Eliminata : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304");
      Eliminata : user_pref("extensions.BabylonToolbar_i.hardId", "a4d041b60000000000000013e811e2e1");
      Eliminata : user_pref("extensions.BabylonToolbar_i.id", "a4d041b60000000000000013e811e2e1");
      Eliminata : user_pref("extensions.BabylonToolbar_i.instlDay", "15422");
      Eliminata : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
      Eliminata : user_pref("extensions.BabylonToolbar_i.newTab", true);
      Eliminata : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111304&babsrc=N[...]
      Eliminata : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
      Eliminata : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
      Eliminata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
      Eliminata : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
      Eliminata : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
      Eliminata : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
      Eliminata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:09:51");
      Eliminata : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
      Eliminata : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=111304&babsrc=KW_ss&mntrId=a4d041b6000000[...]
      File : C:\Users\Generico\AppData\Roaming\Mozilla\Firefox\Profiles\t7dsitci.default\prefs.js
      [OK] File Pulito.
      -\\ Google Chrome v25.0.1364.97
      File : C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File Pulito.
      *************************
      AdwCleaner[s1].txt - [4591 octets] - [01/03/2013 12:26:00]
      ########## EOF - C:\AdwCleaner[s1].txt - [4651 octets] ##########
  16. I hope I carried out all the steps correctly. Thanks. MBR.zip
  17. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
      Run date: 2013-02-27 13:03:20
      -----------------------------
      13:03:20.016 OS Version: Windows 6.0.6002 Service Pack 2
      13:03:20.016 Number of processors: 2 586 0xF0A
      13:03:20.017 ComputerName: PC-ASUS UserName: Asus
      13:03:21.866 Initialize success
      13:03:42.340 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
      13:03:42.344 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
      13:03:42.360 Disk 0 MBR read successfully
      13:03:42.365 Disk 0 MBR scan
      13:03:42.368 Disk 0 Windows VISTA default MBR code
      13:03:42.393 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 91576 MB offset 2048
      13:03:42.397 Disk 0 Partition - 00 0F Extended LBA 61049 MB offset 187549696
      13:03:42.423 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 61048 MB offset 187551744
      13:03:42.429 Disk 0 scanning sectors +312578048
      13:03:42.488 Disk 0 scanning C:\Windows\system32\drivers
      13:03:49.893 Service scanning
      13:04:09.787 Modules scanning
      13:04:23.184 Disk 0 trace - called modules:
      13:04:23.192 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
      13:04:23.194 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864612d0]
      13:04:23.194 3 CLASSPNP.SYS[88da58b3] -> nt!IofCallDriver -> [0x85a53688]
      13:04:23.195 5 acpi.sys[806a46bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a4c030]
      13:04:23.195 Scan finished successfully
      13:20:28.283 Disk 0 MBR has been saved successfully to "C:\Users\Asus\Desktop\MBR.dat"
      13:20:28.290 The log file has been saved successfully to "C:\Users\Asus\Desktop\aswMBR.txt"
  18. OTL logfile created on: 27/02/2013 12.19.02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asus\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,29% Memory free 4,23 Gb Paging File | 2,88 Gb Available in Paging File | 67,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,43 Gb Total Space | 39,72 Gb Free Space | 44,41% Space Free | Partition Type: NTFS Drive D: | 59,62 Gb Total Space | 32,48 Gb Free Space | 54,48% Space Free | Partition Type: NTFS Computer Name: PC-ASUS | User Name: Asus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Asus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Skype 6\Phone\Skype.exe (Skype Technologies S.A.) 
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100) PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation) PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\Windows\System32\niSvcLoc.exe (National Instruments) ========== Modules (No Company Name) ========== MOD - C:\Users\Asus\AppData\Local\Temp\sfamcc00001.dll () MOD - C:\Users\Asus\AppData\Local\Temp\sfareca00001.dll () MOD - C:\Users\Asus\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Asus\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Asus\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll () MOD - C:\Users\Asus\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\WinRAR\rarext.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files\Skype 6\Updater\Updater.exe (Skype Technologies) SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (niSvcLoc) -- C:\Windows\System32\niSvcLoc.exe (National Instruments) SRV - (NILM License manager) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (netr28u) -- system32\DRIVERS\netr28u.sys File not found DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found DRV - (IpInIp) -- 
system32\DRIVERS\ipinip.sys File not found DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found DRV - (ASInsHelp) -- C:\Windows\system32\drivers\AsInsHelp32.sys File not found DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation) DRV - (Haspnt) -- C:\Windows\System32\drivers\Haspnt.sys (Aladdin Knowledge Systems) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Windows ® 2000 DDK provider) DRV - (JGOGO) -- C:\Windows\System32\drivers\JGOGO.sys (JMicron ) DRV - (DS1410D) -- C:\Windows\System32\drivers\DS1410d.SYS (Dallas Semiconductor MAXIM) DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated) DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys () DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trophymanager.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=a4d041b60000000000000013e811e2e1 IE - 
HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=PTV&o=&src=crm&q={searchTerms}&locale= IE - HKCU\..\SearchScopes\{F7C67426-58DD-46BC-89CF-076312D1DF4C}: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.libero.it" FF - prefs.js..extensions.enabledAddons: forcetls%40sid.stamm:3.0.1 FF - prefs.js..extensions.enabledAddons: it-IT%40dictionaries.addons.mozilla.org:3.3.2 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: shan.developer%40gmail.com:1.0.4 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.6 FF - prefs.js..extensions.enabledAddons: SQLiteManager%40mrinalkant.blogspot.com:0.7.7 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.6 FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.2 FF - prefs.js..extensions.enabledAddons: 
%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8rc4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: it-IT@dictionaries.addons.mozilla.org:3.3.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: shan.developer@gmail.com:1.0.4 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5 FF - prefs.js..extensions.enabledItems: lcdclock_bloodeye@gmail.com:0.4.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: forcetls@sid.stamm:3.0.0 FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76 FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=111304&babsrc=KW_ss&mntrId=a4d041b60000000000000013e811e2e1&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found FF - 
HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asus\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asus\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
  19. OTL Extras logfile created on: 27/02/2013 12.19.02 - Run 1 OTL by OldTimer - Version 3.2.69.0
"{69D048F5-1D90-4930-B9E8-C752159F24A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6AB3E73A-C86C-4CF3-9A6A-59E1398F5E38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6BADF28B-2B9D-4270-9AFA-325A4278AEE5}" = rport=137 | protocol=17 | dir=out | app=system | "{6D5132EE-2DE7-46E2-9A97-D552954C74DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{710957BA-D7FD-42A8-9FA6-D963E693955B}" = rport=10243 | protocol=6 | dir=out | app=system | "{7114D261-6D43-4945-B993-76164153C56E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{7274C225-37A3-431A-8E5B-9012F33AFB45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7CD51EB7-4B5B-479F-810F-07B2D4DF4C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7DAD81BB-DEE4-41AA-8445-DBCD9E080661}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{81492E25-FF75-4388-893C-0BC254CC4F49}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{88356EC9-EA7C-4871-A80A-81A04FA5767E}" = rport=2869 | protocol=6 | dir=out | app=system | "{88D49DFF-C4B9-4B03-AB2D-B9BB8313524E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{94E5CF65-9D22-443F-AD04-BFB9EF2394C9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{98B37705-D9D4-4941-B399-DF9B4A341699}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9B8E9507-9A80-47C3-81CC-CE2D6BB7CA41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9DC5CAC6-0D66-4B3D-95B0-F9C224A87292}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9DEBBA69-2728-49FF-BEC0-A2E992FBB54C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9F9ADAE4-3F1E-44CF-B6D2-56DB189F8C82}" = lport=2869 | protocol=6 | dir=in | app=system | "{A27D41F8-D56C-4FDC-A039-E073AFB7D2F3}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{A6EE6C37-9491-44EF-ACB8-CBEDFA7E485F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A8C0F1A9-0101-4184-8DC5-4387C0FAEB96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A99D8628-B335-4767-B3C3-5E3EEEC4FEDA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{AB980C80-EA85-4268-A620-0530DB15C114}" = lport=5358 | protocol=6 | dir=in | app=system | "{B634F000-DD4A-4709-A5A3-88AB0F812A86}" = lport=10243 | protocol=6 | dir=in | app=system | "{B9EEF673-06D3-4D3F-A853-F7C033F7564B}" = rport=5358 | protocol=6 | dir=out | app=system | "{C4DEA729-94F9-4B4E-8E44-9B7615A8EA8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C55CFA1E-7D65-4CCA-8F4B-01A576B79C36}" = lport=2869 | protocol=6 | dir=in | app=system | "{C7D932B5-2352-48BF-A206-C3DE8BA06CD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF6C4DFF-1A2D-4F1D-9450-3C0489DB2B78}" = lport=139 | protocol=6 | dir=in | app=system | "{E006A899-394E-4B50-8F24-B99824FAB512}" = lport=445 | protocol=6 | dir=in | app=system | "{E4004501-3393-471F-9CF5-75500E9D9562}" = rport=5357 | protocol=6 | dir=out | app=system | "{E86177A2-C18D-47BA-B621-2A62B507606F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{EAA0DA05-B578-4FC6-AF42-5518D4232150}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F65825A8-95EB-47D7-8778-504B03027241}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FC9E789C-433F-463F-A546-A28BF58C6ADF}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00434A9F-C8B9-43F0-A69D-8BE250F9EB3E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{06E51CD7-B015-4C22-8280-067B0C93CBB8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{07FE7426-811B-4B72-9DE0-77E542BE8A34}" = dir=in | app=c:\program files\skype 6\phone\skype.exe | "{1A5DA750-3E84-4593-A629-29D710F45994}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1A606131-72CE-4872-83BF-D15B3F4324F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1E56A1B0-6300-475D-A516-55A6CA40AE91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2BF9ECFF-60F5-49C7-B99A-E423FFCB9223}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{3055203B-3A61-4191-89C9-0A50089B988D}" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | "{3180E91D-C2E8-46F4-BB63-37BCD9F0F6DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{319AF8E9-8498-49DA-B688-89F573DDD70A}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{35739EE0-067E-4DCC-A483-CDFD67EE31D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{366AD377-7900-43A2-BCA8-B4D4029FBAF2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3DED0F90-BDE1-48A7-9D3B-49288E0F8E7F}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe | "{42B86452-80E7-43C9-87B0-ECB457E05E05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4BB7E27D-E5CF-4F30-BA44-0D0BDB6D804A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4C77283F-2793-4570-A273-21470F5EA22F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{4FA519D5-5C4F-4A12-8176-433F5E30C0A8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{5DD649AD-D056-4E7E-92A6-E49397AA96E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{66C0791C-70DF-4688-A9D8-4EE745D06D59}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe | "{7353E768-F957-411F-A61E-D2FAF19D86B5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7982A89A-EB56-4B0F-9895-5F267D401FEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{79AA39E2-A7A5-42DB-A2AF-2153590EB5F8}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{7CF0A896-2665-49B1-AC07-DA044C4400D7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{809A777B-BF88-43D3-A34B-9F78F1FE45AF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{9D75563C-6D74-45D3-B196-49E12C495304}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{9EE43E04-E67E-483C-B7C3-FE37F530670A}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe | "{A0999FAB-747A-440E-9571-7AED52B0BA88}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | "{A5C6666B-18FB-4FFC-908C-9274FD71806F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A87A2556-0117-466D-961A-4D2EB31FCE04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A88F42ED-2D28-4BF1-A8AE-429B8FA23FD3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{AC3A200F-B52A-4E2E-9B1E-298068678DD1}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{AD346C62-9E35-452E-A28F-694F51765C84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B3A07C73-D7F5-444C-90AB-902D65611219}" = 
protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | "{B527754B-93E1-4EC2-B9B9-3C54A5A50227}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BEC7E074-F05C-4E7E-8215-58F46C6E2E09}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{C60785FD-D1A0-48C7-BB1A-86591FB9498B}" = protocol=6 | dir=out | app=system | "{C8DEFB82-0701-48C0-8B50-09DBA89BFDB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA6480D6-D9B2-4706-AF2B-1F58DCD02FBC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{CA7DDEC3-D893-4E53-96F0-B40E23B3A9F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D327910D-4336-4E1C-9F5F-5CB27B5DB2CE}" = protocol=6 | dir=out | app=system | "{D5DC99FE-D844-4471-8191-3370806C6A73}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{DE32E302-61FA-406E-A6E8-672499050056}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E6650B18-4903-4ECA-9E78-1087583847F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EBAD7107-BB60-4218-8E0A-7DF5C31D3E33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EE6D1469-5326-4451-A320-3035C5AA6BCA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F9AB4628-D480-4C3A-9EB6-B88807C246F7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FE0BBF45-EA10-476A-9E65-DF12E7358FE4}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe | "TCP Query User{5BD5AC33-80B8-42FE-9AE7-D8F9DA1B4330}C:\program files\common files\texas instruments shared\cfv\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\common files\texas instruments shared\cfv\camfrog video chat\camfrog video chat.exe | "UDP Query User{6C2EB711-65C9-45AD-8EF1-51CB390C24B8}C:\program files\common files\texas instruments 
shared\cfv\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\common files\texas instruments shared\cfv\camfrog video chat\camfrog video chat.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{064F2D10-83D0-4040-B5B7-BD22BFEB65A2}" = ASUS Direct Console "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{23C57C43-4982-49EC-8253-5146ECF097AD}" = BloomCalculator "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2C585265-527B-4D76-B9B4-2F037C33C40C}" = NI LabVIEW 7.0 Student Edition "{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3B3A53AC-E2E0-4516-B974-1F0DF20CD12E}" = NI LabVIEW Advanced Analysis 7.0 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Supporto applicazioni Apple "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BEC2867-0BF7-4A87-B459-003E3F20AFB1}" = NI Uninstaller 1.1.1f1 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{735AF21E-5436-4780-88F7-B5508F043A40}" = NI LVBrokerAux70 "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{73D3BADE-EC2F-4A5C-8F80-CB68AB704FF3}" = NI LabVIEW Run-Time Engine 7.0 "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live 
Photo Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7ABE69F4-DC12-48E5-973E-02D4A2F36AA6}" = NI LabVIEW CIN Tools 7.0 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B2780B0-78C5-4B32-AD97-491DABA4FB54}" = TMRecorder "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_STANDARD_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{904CCF62-818D-4675-BC76-D37EB399F917}" = Centro gestione dispositivi Windows Mobile "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AE77B453-7253-47D6-AD21-9FC10DD44D67}" = NI LabVIEW Picture Control Toolkit 7.0 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C6F38FDB-4BEB-4062-BE2F-2179F1A9B38F}" = NI LabVIEW Full 7.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1301690-1CC0-4137-AC29-D46591716155}" = TMRecorder "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E7BAFF4D-D4B0-4508-A370-743D49EFC28F}" = NI LVBroker "{EC60B018-251A-47E7-A838-CECB70AE46EF}" = NI LabVIEW Service Locator 1.0 "{F03CB3EF-DC16-35CE-B3C1-C68EA09E5E97}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{FD950A83-5FA5-47F2-B0B1-296023420CB1}" = NI Instrument IO Assistant for LabVIEW 7.0 "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Internet Security "BetClic Poker" = BetClic Poker "CCleaner" = CCleaner "Defraggler" = Defraggler "HandBrake" = HandBrake 0.9.8 "HijackThis" = HijackThis 2.0.2 "InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.4.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100 "Messenger Plus!" = Messenger Plus! 
5 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) "Mozilla Firefox 19.0 (x86 it)" = Mozilla Firefox 19.0 (x86 it) "MozillaMaintenanceService" = Mozilla Maintenance Service "NI Uninstaller" = National Instruments Software "NVIDIA Drivers" = NVIDIA Drivers "pokersnai_real" = Poker Snai "ProInst" = Software Intel® PROSet/Wireless "SMSERIAL" = Motorola SM56 Speakerphone Modem "SpeedFan" = SpeedFan (remove only) "STANDARD" = Microsoft Office Standard 2007 "SumatraPDF" = SumatraPDF "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 6" = TeamViewer 6 "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.5 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMS" = Wild Media Server (UPnP, DLNA, HTTP) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26/02/2013 5.34.14 | Computer Name = PC-Asus | Source = WinMgmt | ID = 10 Description = Error - 26/02/2013 7.19.41 | Computer Name = PC-Asus | Source = Application Error | ID = 1000 Description = Applicazione che ha generato l'errore firefox.exe, versione 19.0.0.4794, timestamp 0x511ed1c1, modulo che ha generato l'errore xul.dll, versione 19.0.0.4794, timestamp 0x511ed0fe, codice eccezione 0xc0000005, offset errore 0x00155858, ID 
processo 0x54c, data e ora di avvio dell'applicazione 0x01ce140dc7954892. Error - 26/02/2013 7.34.01 | Computer Name = PC-Asus | Source = WinMgmt | ID = 10 Description = Error - 26/02/2013 7.42.51 | Computer Name = PC-Asus | Source = WinMgmt | ID = 10 Description = Error - 26/02/2013 7.58.57 | Computer Name = PC-Asus | Source = WinMgmt | ID = 10 Description = Error - 26/02/2013 10.05.28 | Computer Name = PC-Asus | Source = WinMgmt | ID = 10 Description = Error - 26/02/2013 12.52.28 | Computer Name = PC-Asus | Source = Application Error | ID = 1000 Description = Applicazione che ha generato l'errore plugin-container.exe, versione 19.0.0.4794, timestamp 0x511ed156, modulo che ha generato l'errore NPSWF32_11_6_602_168.dll, versione 11.6.602.168, timestamp 0x511171f1, codice eccezione 0x80000003, offset errore 0x0033896d, ID processo 0xf84, data e ora di avvio dell'applicazione 0x01ce1440e0639040. Error - 26/02/2013 15.44.38 | Computer Name = PC-Asus | Source = WinMgmt | ID = 10 Description = Error - 26/02/2013 19.45.27 | Computer Name = PC-Asus | Source = WinMgmt | ID = 10 Description = Error - 27/02/2013 5.39.56 | Computer Name = PC-Asus | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 27/05/2010 14.42.52 | Computer Name = PC-Asus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 01/11/2010 7.10.25 | Computer Name = PC-Asus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 232 seconds with 120 seconds of active time. This session ended with a crash. 
Error - 11/11/2010 16.44.35 | Computer Name = PC-Asus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 09/12/2010 12.56.34 | Computer Name = PC-Asus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 09/12/2010 13.08.12 | Computer Name = PC-Asus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 12/03/2011 8.10.03 | Computer Name = PC-Asus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 24/09/2011 12.57.11 | Computer Name = PC-Asus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 304 seconds with 0 seconds of active time. This session ended with a crash. Error - 11/01/2013 10.53.22 | Computer Name = PC-Asus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 370 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 26/02/2013 19.45.26 | Computer Name = PC-Asus | Source = ipnathlp | ID = 34001 Description = ICS_IPV6: impossibile configurare lo stack IPv6. Error - 26/02/2013 19.45.26 | Computer Name = PC-Asus | Source = ipnathlp | ID = 30013 Description = Allocatore DHCP: allocatore disabilitato sull'indirizzo IP 192.168.1.102 perché l'indirizzo IP non rientra nell'ambito 192.168.0.0/255.255.255.0 da cui gli indirizzi vengono allocati ai client DHCP. Per abilitare l'allocatore DHCP su questo indirizzo IP, modificare l'ambito per includere l'indirizzo IP oppure modificare l'indirizzo IP in modo che rientri nell'ambito. Error - 26/02/2013 19.45.27 | Computer Name = PC-Asus | Source = Service Control Manager | ID = 7000 Description = Error - 26/02/2013 19.45.27 | Computer Name = PC-Asus | Source = Service Control Manager | ID = 7000 Description = Error - 26/02/2013 19.45.48 | Computer Name = PC-Asus | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 27/02/2013 5.38.56 | Computer Name = PC-Asus | Source = ipnathlp | ID = 34001 Description = ICS_IPV6: impossibile configurare lo stack IPv6. Error - 27/02/2013 5.38.57 | Computer Name = PC-Asus | Source = ipnathlp | ID = 30013 Description = Allocatore DHCP: allocatore disabilitato sull'indirizzo IP 192.168.1.102 perché l'indirizzo IP non rientra nell'ambito 192.168.0.0/255.255.255.0 da cui gli indirizzi vengono allocati ai client DHCP. Per abilitare l'allocatore DHCP su questo indirizzo IP, modificare l'ambito per includere l'indirizzo IP oppure modificare l'indirizzo IP in modo che rientri nell'ambito. 
Error - 27/02/2013 5.39.57 | Computer Name = PC-Asus | Source = Service Control Manager | ID = 7000 Description = Error - 27/02/2013 5.39.57 | Computer Name = PC-Asus | Source = Service Control Manager | ID = 7000 Description = Error - 27/02/2013 5.41.06 | Computer Name = PC-Asus | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report >
  20. As the title says, I trusted the wrong USB stick. I plugged it in, Avira detected two infections, I removed it right away, and after the reboot the PC no longer ran the way it did before. The log is attached. Thanks a lot hijackthis.log