Divina

WinGirls
  • Content count

    47
  • Joined

  • Last visited

All content by Divina

  1. I'm closing this, sorry. mbam-log-2013-05-16 (14-05-01).txt hijackthis.log
  2. Good evening, I'm having problems with Internet Explorer: it is very slow and won't open some sites or videos, it freezes and refreshes the page very often, problems I don't have with Firefox. I'm attaching the HijackThis log. Thanks. hijackthis.log
  3. OK, with this last attached file I think I've done everything you asked me to; I'll wait to hear from you, thanks a lot. MBR.rar
  4. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
     Run date: 2013-04-11 00:27:51
     -----------------------------
     00:27:51.739 OS Version: Windows x64 6.1.7601 Service Pack 1
     00:27:51.739 Number of processors: 4 586 0x2502
     00:27:51.739 ComputerName: FRABA-PC UserName: Franca
     00:27:53.596 Initialize success
     00:28:25.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
     00:28:25.288 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
     00:28:25.382 Disk 0 MBR read successfully
     00:28:25.397 Disk 0 MBR scan
     00:28:25.397 Disk 0 unknown MBR code
     00:28:25.413 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
     00:28:25.413 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459624 MB offset 409600
     00:28:25.444 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17012 MB offset 941719552
     00:28:25.460 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
     00:28:25.507 Disk 0 scanning C:\Windows\system32\drivers
     00:28:34.477 Service scanning
     00:28:50.545 Modules scanning
     00:28:50.560 Disk 0 trace - called modules:
     00:28:50.576 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys
     00:28:50.592 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800586d060]
     00:28:50.592 3 CLASSPNP.SYS[fffff880010bb43f] -> nt!IofCallDriver -> [0xfffffa8005704b10]
     00:28:50.607 5 hpdskflt.sys[fffff88001dea189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a37050]
     00:28:50.623 Scan finished successfully
     00:29:00.232 Disk 0 MBR has been saved successfully to "C:\Users\Franca\Desktop\MBR.dat"
     00:29:00.232 The log file has been saved successfully to "C:\Users\Franca\Desktop\aswMBR.txt"
  5. OTL Extras logfile created on: 10/04/2013 23:43:16 - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Franca\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.10.9200.16540)
     Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
     3,93 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 50,41% Memory free
     7,86 Gb Paging File | 5,20 Gb Available in Paging File | 66,21% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 448,85 Gb Total Space | 352,66 Gb Free Space | 78,57% Space Free | Partition Type: NTFS
     Drive D: | 16,61 Gb Total Space | 2,71 Gb Free Space | 16,30% Space Free | Partition Type: NTFS
     Drive E: | 99,02 Mb Total Space | 95,10 Mb Free Space | 96,04% Space Free | Partition Type: FAT32
     Computer Name: FRABA-PC | User Name: Franca | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5 "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Aeria Ignite" = Aeria Ignite "Aeria Ignite 1.11.2111" = Aeria Ignite "Akamai" = Akamai NetSession Interface Service "aTube Catcher" = aTube Catcher "Avira AntiVir Desktop" = Avira Free Antivirus "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "EasyBits Magic Desktop" = Magic Desktop "ENTERPRISE" = Microsoft Office Enterprise 2007 "GinyasBrowserCompanion" = GinyasBrowserCompanion "HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5 "HyperMediaCenter_is1" = HyperMediaCenter Software "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam 
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 it)" = Mozilla Firefox 19.0.2 (x86 it) "MozillaMaintenanceService" = Mozilla Maintenance Service "PhotoScape" = PhotoScape "Revo Uninstaller" = Revo Uninstaller 1.94 "Shaiya-IT" = Shaiya-IT "Sqirlz Water Reflections" = Sqirlz Water Reflections "TeamViewer 5" = TeamViewer 5 "TeamViewer 6" = TeamViewer 6 "uTorrent" = µTorrent "uTorrentBar_IT Toolbar" = uTorrentBar_IT Toolbar "WildTangent hp Master Uninstall" = HP Games "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "NGM Phonesuite" = NGM Phonesuite ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08/04/2013 05:07:22 | Computer Name = Fraba-PC | Source = VmbService | ID = 0 Description = 
conflictManagerTypeValue Error - 09/04/2013 04:31:02 | Computer Name = Fraba-PC | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 09/04/2013 04:31:08 | Computer Name = Fraba-PC | Source = PowerOffer Upd Service | ID = 0 Description = Impossibile avviare il servizio. Handle non valido Error - 09/04/2013 05:20:10 | Computer Name = Fraba-PC | Source = SideBySide | ID = 16842815 Description = Generazione del contesto di attivazione non riuscita per "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" dell'attributo "version" nell'elemento "assemblyIdentity" non è valido. Error - 09/04/2013 15:50:03 | Computer Name = Fraba-PC | Source = Application Error | ID = 1000 Description = Nome dell'applicazione che ha generato l'errore: tbhcn.exe, versione: 1.0.0.5, timestamp: 0x50f25761 Nome del modulo che ha generato l'errore: tbhcn.exe, versione: 1.0.0.5, timestamp: 0x50f25761 Codice eccezione: 0x40000015 Offset errore 0x0007a2fd ID processo che ha generato l'errore: 0x1e64 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce355b6bafcae7 Percorso dell'applicazione che ha generato l'errore: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Percorso del modulo che ha generato l'errore: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe ID segnalazione: aafcae09-a14e-11e2-9a6e-8ab075bf2cba Error - 10/04/2013 05:58:13 | Computer Name = Fraba-PC | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 10/04/2013 05:58:16 | Computer Name = Fraba-PC | Source = PowerOffer Upd Service | ID = 0 Description = Impossibile avviare il servizio. 
Handle non valido Error - 10/04/2013 05:58:17 | Computer Name = Fraba-PC | Source = Application Error | ID = 1000 Description = Nome dell'applicazione che ha generato l'errore: tbhcn.exe, versione: 1.0.0.5, timestamp: 0x50f25761 Nome del modulo che ha generato l'errore: tbhcn.exe, versione: 1.0.0.5, timestamp: 0x50f25761 Codice eccezione: 0x40000015 Offset errore 0x0007a2fd ID processo che ha generato l'errore: 0x7d8 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce35d1e31b0b03 Percorso dell'applicazione che ha generato l'errore: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Percorso del modulo che ha generato l'errore: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe ID segnalazione: 2a0f3334-a1c5-11e2-aa62-d0ef4098ecb1 Error - 10/04/2013 14:22:19 | Computer Name = Fraba-PC | Source = PowerOffer Upd Service | ID = 0 Description = Impossibile avviare il servizio. Handle non valido Error - 10/04/2013 14:22:24 | Computer Name = Fraba-PC | Source = VmbService | ID = 0 Description = conflictManagerTypeValue [ Hewlett-Packard Events ] Error - 30/12/2012 12:34:34 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean) Error - 30/12/2012 12:34:34 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean) Error - 30/12/2012 12:34:34 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean) Error - 30/12/2012 12:34:34 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:12 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) [ Media Center Events ] Error - 20/12/2010 05:31:36 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 10:31:36 - Errore di connessione a Internet. 10:31:36 - Impossibile contattare il server.. Error - 20/12/2010 05:32:14 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 10:32:05 - Errore di connessione a Internet. 10:32:05 - Impossibile contattare il server.. Error - 20/12/2010 06:32:45 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 11:32:45 - Errore di connessione a Internet. 11:32:45 - Impossibile contattare il server.. Error - 20/12/2010 06:33:15 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 11:33:14 - Errore di connessione a Internet. 11:33:14 - Impossibile contattare il server.. Error - 20/12/2010 07:33:47 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 12:33:47 - Errore di connessione a Internet. 
12:33:47 - Impossibile contattare il server.. Error - 20/12/2010 07:34:16 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 12:34:16 - Errore di connessione a Internet. 12:34:16 - Impossibile contattare il server.. Error - 22/12/2010 15:07:38 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 20:07:38 - Errore di connessione a Internet. 20:07:38 - Impossibile contattare il server.. Error - 22/12/2010 15:08:11 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 20:08:07 - Errore di connessione a Internet. 20:08:07 - Impossibile contattare il server.. Error - 05/01/2011 08:41:35 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 13:41:31 - Errore di connessione a Internet. 13:41:31 - Impossibile contattare il server.. Error - 10/01/2011 02:58:41 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 07:58:38 - Errore di connessione a Internet. 07:58:38 - Impossibile contattare il server.. [ System Events ] Error - 01/04/2013 01:42:50 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Pos Service bloccato in partenza. Error - 01/04/2013 01:42:50 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Serv Updater bloccato in partenza. Error - 05/04/2013 14:14:42 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Pos Service bloccato in partenza. Error - 05/04/2013 18:23:11 | Computer Name = Fraba-PC | Source = DCOM | ID = 10010 Description = Error - 07/04/2013 12:48:29 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7031 Description = Il servizio Akamai NetSession Interface è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio. 
Error - 07/04/2013 12:48:29 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7034 Description = Arresto imprevista del servizio Easybits Shared Services for Windows. Questo evento si è già verificato 1 volta(e). Error - 07/04/2013 12:56:45 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7030 Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema non è configurato per consentire servizi interattivi. Questo servizio potrà non funzionare correttamente. Error - 07/04/2013 12:59:42 | Computer Name = Fraba-PC | Source = Application Popup | ID = 1060 Description = Caricamento del driver \??\C:\ComboFix\catchme.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver. Error - 07/04/2013 12:59:43 | Computer Name = Fraba-PC | Source = Application Popup | ID = 1060 Description = Caricamento del driver \??\C:\ComboFix\catchme.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver. Error - 07/04/2013 13:00:23 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7030 Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema non è configurato per consentire servizi interattivi. Questo servizio potrà non funzionare correttamente. 
< End of report >

OTL Extras logfile created on: 10/04/2013 23:43:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Franca\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 3,93 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 50,41% Memory free 7,86 Gb Paging File | 5,20 Gb Available in Paging File | 66,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,85 Gb Total Space | 352,66 Gb Free Space | 78,57% Space Free | Partition Type: NTFS Drive D: | 16,61 Gb Total Space | 2,71 Gb Free Space | 16,30% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 95,10 Mb Free Space | 96,04% Space Free | Partition Type: FAT32 Computer Name: FRABA-PC | User Name: Franca | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0692267A-F246-4B5F-8395-6931034C5CD1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{0C273546-88B8-4529-A15B-8365EC69FA3D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{0E1384D9-C932-401C-88E2-C9B023AF3834}" = lport=139 | protocol=6 | dir=in | app=system | "{0F69C157-4078-44A4-9E25-8E603384139B}" = lport=445 | protocol=6 | dir=in | app=system | "{199E6948-F205-45A7-B9CB-11C09A9D5285}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37336A5B-FC83-4999-BA23-114F27369D23}" = rport=137 | protocol=17 | dir=out | app=system | 
"{375E808F-70A3-45B5-958A-CFB541CA903F}" = rport=138 | protocol=17 | dir=out | app=system | "{38FF5F99-EB90-415E-8597-8F9AF6726075}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{575A002D-9D1E-45D5-B827-B594C358BC9C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5B9888AE-2F37-4678-B14A-317A9F92438E}" = lport=137 | protocol=17 | dir=in | app=system | "{613CF8AB-9E99-4A42-8AEE-166E4AC0632D}" = lport=49279 | protocol=6 | dir=in | name=akamai netsession interface | "{88678C8C-4D34-4168-A60A-789AECB0E08C}" = rport=139 | protocol=6 | dir=out | app=system | "{9A5C5436-0879-4CC1-9251-EE7B2EE6CED0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A465DEC8-47E0-4AD9-8CB8-FC77D2AF7BC4}" = lport=138 | protocol=17 | dir=in | app=system | "{B389F7A5-616C-4A56-9D65-C89A7A9311DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C3E6A372-C75F-4A4D-A881-2B1A85D09F45}" = lport=2869 | protocol=6 | dir=in | app=system | "{C4836E19-7F17-46F5-B5E8-ED03CB7B4385}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CD683381-F278-4EDD-AB6F-F5C0FB6D5A99}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CFFB2297-7AD7-43F2-8BA4-523D5B707B2B}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04465AEE-FD54-45D2-8567-24C1F1ACD5E2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{092E4DBD-C7ED-4DF7-ACD4-3193C8048983}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0B998B5A-0F84-41BD-BA36-42BE7D897896}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{142FBEF9-8562-426A-BBD7-95F1566A69BA}" = 
protocol=6 | dir=in | app=c:\users\franca\appdata\local\akamai\netsession_win.exe | "{1603F81F-3535-4C2E-83B0-BDC0729375F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2097940C-DEC4-4F74-8824-F32EC11B8E01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{23EB6552-4009-42FB-9065-FAA08993BDED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3137D671-67FD-48FF-A5EA-4D0C46A8ADE3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{32DFD361-CE48-480E-980B-BDAEE4D6A159}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{355488C6-7078-458F-9A48-83236D10C07D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{3806C9CC-B91A-40A8-844B-7ED9907FD8B0}" = protocol=17 | dir=in | app=c:\users\franca\appdata\local\akamai\netsession_win.exe | "{3C70DDDB-E35B-408E-9529-B30FBB40CBC2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{3F07BD61-501B-4E73-A5DE-BD46D96050F4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{43019AAE-1888-4737-8767-445E5D5EBC6E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{43AC8B4F-F125-46E5-B6B7-4039660833CE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{46C61275-F31D-4CF8-8E1A-DD401043FAEB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{4B600AA2-D3C3-4426-8B01-1A7D682FDBD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4D6BA36D-554F-4172-81A9-3DE8D1B5B33C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5B4A2EE9-5E23-4482-8CB6-C21972B4A594}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5C8F6643-911E-45F8-80AD-5683439F7709}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{63A28933-BF80-4E31-9A24-4EE976F1FDB5}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{786024B3-67C9-49F5-8A7C-82B858990718}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7E7BC48C-4ECB-4622-A73E-351869BAEE90}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{82E58F3C-AAAC-4CF6-8DBA-63B6A4F3B14E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{85C6E4DC-3DD7-4860-9A81-72D22443D3E9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{88C61555-F7ED-4444-A09E-547F68916E0E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8982ACA3-6D28-4856-ACA1-D934BD3AB357}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{8B7A72C4-B3B4-44ED-B22D-B68E0CEBB7B7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8E312EB8-1BA2-45A2-ABEC-ACEF7FC7B66E}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "{90D9A99F-947F-4F83-B707-2BC01847C0FD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{93307741-EDDA-46CC-A121-EE638E9B1A29}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{A24FEC84-3AAF-4BFE-8868-86A73769D4D5}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{A47A24B6-7AC8-4F7D-9631-B25E53AC3642}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A8D44F34-FF04-417B-8E22-45CA6BD5E246}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{AADEEEC2-6A2F-4408-A480-684FD869E00B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B10690A8-B574-4E02-AB01-EC7ADEFBB644}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B569D587-2D90-4C43-AB6F-1D37CB530D13}" = dir=in | 
app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{BB32D6F8-F38D-4752-8099-38CB6CE910AE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{BDC1C8DA-E2B6-4BD1-8A25-8C558CFB39CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C600BCFB-4EB2-4BF8-8499-4A62A719222B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C97F9A23-93DC-4496-B5B6-356BB5635BB3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{C9A03DA9-AE8B-40BC-9368-58F6A2952E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "{CEDAC8AA-0E14-4A9B-896C-683FAF09E35D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{D19F2EA5-1F2A-4729-983F-300A82347B42}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{DF8782C6-67F3-4084-A62B-FFFF1B43C458}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{E0AF229C-C041-4B6B-AFDC-E8672660F24B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{E506CD03-B9CA-4E0D-B27A-F32473AE6C0B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{E628A6D0-F07B-4D39-9537-476C835893E6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{E976DCF6-AE30-4DEC-9775-06905094656D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{EF81C018-DE06-4DB3-BD91-3F8CB6333DD8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F422C145-67FF-420E-B9D6-963A1514FF61}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{F8D71038-31C5-470C-B5B6-C962820B7F20}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "TCP Query User{7441EEC2-6EDD-48C5-92E1-A1E05E9EDA67}C:\program files (x86)\ea games\ultima online mondain's 
legacy\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\ultima online mondain's legacy\client.exe | "TCP Query User{D6F385E4-8788-473B-811A-BE5A63270609}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | "TCP Query User{E8D18DD5-06D6-4397-A17B-405D3540D476}C:\users\franca\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\franca\appdata\local\akamai\netsession_win.exe | "TCP Query User{F9E34D85-6133-4DD6-A271-EF3D0778834B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{419AC317-9323-4273-948C-B04157D5E7EC}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | "UDP Query User{C5145141-E235-4F57-B5C1-0D328AEEAEF8}C:\users\franca\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\franca\appdata\local\akamai\netsession_win.exe | "UDP Query User{E9ED0506-E373-435A-AC1F-8575E4DD73BC}C:\program files (x86)\ea games\ultima online mondain's legacy\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\ultima online mondain's legacy\client.exe | "UDP Query User{F383AC72-139A-4072-95F2-FAB8F9CCC87C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01651F94-6956-4F93-8AFE-0A30DB230BDB}" = HP 3D DriveGuard "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) 
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java 6 Update 22 (64-bit) "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.573 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java SE Development Kit 6 Update 15 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver audio HD 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install 
Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "CCleaner" = CCleaner "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) "SynTPDeinstKey" = Synaptics Pointing Device Driver "WNLT" = IB Updater Service [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0 "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = 
Windows Live Photo Gallery "{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DAF72C7-78D4-4823-BA66-FE8FE3D5BD0A}" = Installazione Guidata Alice ADSL "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2 "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{70C24EB5-5C57-4E24-B29D-AB425CE1866F}" = Aeria Ignite "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility 
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0410-1000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007 "{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007 "{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007 
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Italiano "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh 
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5 "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Aeria Ignite" = Aeria Ignite "Aeria Ignite 1.11.2111" = Aeria Ignite "Akamai" = Akamai NetSession Interface Service "aTube Catcher" = aTube Catcher "Avira AntiVir Desktop" = Avira Free Antivirus "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "EasyBits Magic Desktop" = Magic Desktop "ENTERPRISE" = Microsoft Office Enterprise 2007 "GinyasBrowserCompanion" = GinyasBrowserCompanion "HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5 "HyperMediaCenter_is1" = HyperMediaCenter Software "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam 
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 it)" = Mozilla Firefox 19.0.2 (x86 it) "MozillaMaintenanceService" = Mozilla Maintenance Service "PhotoScape" = PhotoScape "Revo Uninstaller" = Revo Uninstaller 1.94 "Shaiya-IT" = Shaiya-IT "Sqirlz Water Reflections" = Sqirlz Water Reflections "TeamViewer 5" = TeamViewer 5 "TeamViewer 6" = TeamViewer 6 "uTorrent" = µTorrent "uTorrentBar_IT Toolbar" = uTorrentBar_IT Toolbar "WildTangent hp Master Uninstall" = HP Games "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "NGM Phonesuite" = NGM Phonesuite ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08/04/2013 05:07:22 | Computer Name = Fraba-PC | Source = VmbService | ID = 0 Description = 
conflictManagerTypeValue Error - 09/04/2013 04:31:02 | Computer Name = Fraba-PC | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 09/04/2013 04:31:08 | Computer Name = Fraba-PC | Source = PowerOffer Upd Service | ID = 0 Description = Impossibile avviare il servizio. Handle non valido Error - 09/04/2013 05:20:10 | Computer Name = Fraba-PC | Source = SideBySide | ID = 16842815 Description = Generazione del contesto di attivazione non riuscita per "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" dell'attributo "version" nell'elemento "assemblyIdentity" non è valido. Error - 09/04/2013 15:50:03 | Computer Name = Fraba-PC | Source = Application Error | ID = 1000 Description = Nome dell'applicazione che ha generato l'errore: tbhcn.exe, versione: 1.0.0.5, timestamp: 0x50f25761 Nome del modulo che ha generato l'errore: tbhcn.exe, versione: 1.0.0.5, timestamp: 0x50f25761 Codice eccezione: 0x40000015 Offset errore 0x0007a2fd ID processo che ha generato l'errore: 0x1e64 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce355b6bafcae7 Percorso dell'applicazione che ha generato l'errore: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Percorso del modulo che ha generato l'errore: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe ID segnalazione: aafcae09-a14e-11e2-9a6e-8ab075bf2cba Error - 10/04/2013 05:58:13 | Computer Name = Fraba-PC | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 10/04/2013 05:58:16 | Computer Name = Fraba-PC | Source = PowerOffer Upd Service | ID = 0 Description = Impossibile avviare il servizio. 
Handle non valido Error - 10/04/2013 05:58:17 | Computer Name = Fraba-PC | Source = Application Error | ID = 1000 Description = Nome dell'applicazione che ha generato l'errore: tbhcn.exe, versione: 1.0.0.5, timestamp: 0x50f25761 Nome del modulo che ha generato l'errore: tbhcn.exe, versione: 1.0.0.5, timestamp: 0x50f25761 Codice eccezione: 0x40000015 Offset errore 0x0007a2fd ID processo che ha generato l'errore: 0x7d8 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce35d1e31b0b03 Percorso dell'applicazione che ha generato l'errore: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Percorso del modulo che ha generato l'errore: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe ID segnalazione: 2a0f3334-a1c5-11e2-aa62-d0ef4098ecb1 Error - 10/04/2013 14:22:19 | Computer Name = Fraba-PC | Source = PowerOffer Upd Service | ID = 0 Description = Impossibile avviare il servizio. Handle non valido Error - 10/04/2013 14:22:24 | Computer Name = Fraba-PC | Source = VmbService | ID = 0 Description = conflictManagerTypeValue [ Hewlett-Packard Events ] Error - 30/12/2012 12:34:34 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean) Error - 30/12/2012 12:34:34 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean) Error - 30/12/2012 12:34:34 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean) Error - 30/12/2012 12:34:34 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:12 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. 
StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 31/12/2012 07:33:13 | Computer Name = Fraba-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Riferimento a un oggetto non impostato su un'istanza di oggetto. StackTrace: in HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 4022 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) [ Media Center Events ] Error - 20/12/2010 05:31:36 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 10:31:36 - Errore di connessione a Internet. 10:31:36 - Impossibile contattare il server.. Error - 20/12/2010 05:32:14 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 10:32:05 - Errore di connessione a Internet. 10:32:05 - Impossibile contattare il server.. Error - 20/12/2010 06:32:45 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 11:32:45 - Errore di connessione a Internet. 11:32:45 - Impossibile contattare il server.. Error - 20/12/2010 06:33:15 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 11:33:14 - Errore di connessione a Internet. 11:33:14 - Impossibile contattare il server.. Error - 20/12/2010 07:33:47 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 12:33:47 - Errore di connessione a Internet. 
12:33:47 - Impossibile contattare il server.. Error - 20/12/2010 07:34:16 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 12:34:16 - Errore di connessione a Internet. 12:34:16 - Impossibile contattare il server.. Error - 22/12/2010 15:07:38 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 20:07:38 - Errore di connessione a Internet. 20:07:38 - Impossibile contattare il server.. Error - 22/12/2010 15:08:11 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 20:08:07 - Errore di connessione a Internet. 20:08:07 - Impossibile contattare il server.. Error - 05/01/2011 08:41:35 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 13:41:31 - Errore di connessione a Internet. 13:41:31 - Impossibile contattare il server.. Error - 10/01/2011 02:58:41 | Computer Name = Fraba-PC | Source = MCUpdate | ID = 0 Description = 07:58:38 - Errore di connessione a Internet. 07:58:38 - Impossibile contattare il server.. [ System Events ] Error - 01/04/2013 01:42:50 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Pos Service bloccato in partenza. Error - 01/04/2013 01:42:50 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Serv Updater bloccato in partenza. Error - 05/04/2013 14:14:42 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Pos Service bloccato in partenza. Error - 05/04/2013 18:23:11 | Computer Name = Fraba-PC | Source = DCOM | ID = 10010 Description = Error - 07/04/2013 12:48:29 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7031 Description = Il servizio Akamai NetSession Interface è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio. 
Error - 07/04/2013 12:48:29 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7034 Description = Arresto imprevista del servizio Easybits Shared Services for Windows. Questo evento si è già verificato 1 volta(e). Error - 07/04/2013 12:56:45 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7030 Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema non è configurato per consentire servizi interattivi. Questo servizio potrà non funzionare correttamente. Error - 07/04/2013 12:59:42 | Computer Name = Fraba-PC | Source = Application Popup | ID = 1060 Description = Caricamento del driver \??\C:\ComboFix\catchme.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver. Error - 07/04/2013 12:59:43 | Computer Name = Fraba-PC | Source = Application Popup | ID = 1060 Description = Caricamento del driver \??\C:\ComboFix\catchme.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver. Error - 07/04/2013 13:00:23 | Computer Name = Fraba-PC | Source = Service Control Manager | ID = 7030 Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema non è configurato per consentire servizi interattivi. Questo servizio potrà non funzionare correttamente. < End of report >
  6. OTL logfile created on: 10/04/2013 23:43:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Franca\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 3,93 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 50,41% Memory free 7,86 Gb Paging File | 5,20 Gb Available in Paging File | 66,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,85 Gb Total Space | 352,66 Gb Free Space | 78,57% Space Free | Partition Type: NTFS Drive D: | 16,61 Gb Total Space | 2,71 Gb Free Space | 16,30% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 95,10 Mb Free Space | 96,04% Space Free | Partition Type: FAT32 Computer Name: FRABA-PC | User Name: Franca | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/04/10 23:40:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Franca\Desktop\OTL.exe PRC - [2013/03/15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013/01/29 15:28:32 | 000,188,760 | ---- | M] () -- C:\Programmi\Web Assistant\ExtensionUpdaterService.exe PRC - [2013/01/26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Franca\AppData\Local\Akamai\netsession_win.exe PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/08/13 21:05:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/08/13 21:05:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/08/13 21:05:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/12/16 18:44:50 | 000,762,368 | ---- | M] (PService) -- C:\Users\Public\Documents\AppData\PoApp\PService.exe PRC - [2011/11/03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/09/08 16:44:16 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/05/21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/10/06 23:56:44 | 000,415,016 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe PRC - [2009/10/06 00:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008/04/14 15:35:46 | 001,519,616 | ---- | M] () -- C:\Program Files (x86)\DIKOM Multimedia\HyperMediaCenter\DTVR\Scheduled.exe PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
-- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013/01/29 15:28:32 | 000,170,840 | ---- | M] () -- C:\Programmi\Web Assistant\Extension32.dll MOD - [2012/12/12 07:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012/10/05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012/10/05 12:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012/08/31 12:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2010/11/13 01:50:53 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010/11/05 03:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/11/05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2010/11/05 03:57:46 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll MOD - [2009/10/06 23:57:02 | 000,279,976 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll MOD - [2009/10/06 23:57:02 | 000,120,232 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live 
TV\Kernel\TV\CLSchMgr.dll MOD - [2009/10/06 23:57:00 | 000,464,168 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll MOD - [2009/10/06 00:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009/06/10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2008/04/14 15:35:46 | 001,519,616 | ---- | M] () -- C:\Program Files (x86)\DIKOM Multimedia\HyperMediaCenter\DTVR\Scheduled.exe MOD - [2003/09/10 04:42:28 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\DIKOM Multimedia\HyperMediaCenter\DTVR\kwspnd.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2013/04/06 00:28:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/03/25 16:23:44 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013/03/15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/03/09 19:37:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | 
Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/01/29 15:28:32 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programmi\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/08/13 21:05:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/08/13 21:05:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/07/11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programmi\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2012/04/23 15:43:10 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Users\Franca\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -- (SoftwareUpd) SRV - [2012/04/03 19:59:46 | 000,169,472 | ---- | M] (PowerOfferService) [Auto | Stopped] -- C:\Users\Franca\AppData\Local\PosService\Pos.exe -- (PowerOffer Service) SRV - [2011/12/16 18:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Auto | Stopped] -- C:\Users\Franca\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater) SRV - [2011/11/03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010/09/08 16:44:16 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2010/05/21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/13 21:05:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/08/13 21:05:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | 
Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/08/08 20:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus) DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/01 14:33:12 | 000,088,064 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_cdc_ecm.sys -- (vodafone_K3805-z_cdc_ecm) DRV:64bit: - [2010/09/01 14:33:12 | 000,078,336 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_cdc_acm.sys -- 
(vodafone_K3805-z_cdc_acm) DRV:64bit: - [2010/09/01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV:64bit: - [2010/09/01 14:33:12 | 000,013,824 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_cpo.sys -- (vodafone_K3805-z_cpo) DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/01/05 02:29:01 | 002,838,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/10/03 05:58:12 | 000,258,560 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/08/08 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/21 05:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A38A93E6-3884-4CEA-8070-78B0654536AE} IE:64bit: - HKLM\..\SearchScopes\{A38A93E6-3884-4CEA-8070-78B0654536AE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTo0.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {A38A93E6-3884-4CEA-8070-78B0654536AE} IE - HKLM\..\SearchScopes\{A38A93E6-3884-4CEA-8070-78B0654536AE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.it/ IE - HKCU\..\SearchScopes,DefaultScope = {9E78F5CC-9671-4F76-9E03-863D0EC2C0B1} IE - HKCU\..\SearchScopes\{9E78F5CC-9671-4F76-9E03-863D0EC2C0B1}: "URL" = http://www.google.com/search?hl=en&q={searchTerms} IE - HKCU\..\SearchScopes\{A2BE91B7-047F-49E9-AC3F-77311F907DE4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=it_IT&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^IT&apn_uid=7E3DBA4C-FB6D-4856-8B09-3CC096E92B8F&apn_sauid=CDACA0AF-0A8D-4FC1-8FE8-EFB932C8173C IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716 IE - HKCU\..\SearchScopes\{CC89926C-B516-4F89-A64F-847B3C15FC99}: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "www.igoogle.it" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7BFE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052%7D:2.0.0.573 FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.3 FF - prefs.js..extensions.enabledAddons: %7B3e0c7f3a-3f50-4730-beb5-4a9a10e2831c%7D:8.0 FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/03/01 17:48:08 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/03/01 17:48:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013/03/01 17:48:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013/03/01 17:48:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/09 19:37:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/09 19:37:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/01 22:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franca\AppData\Roaming\mozilla\Extensions [2013/04/08 22:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franca\AppData\Roaming\mozilla\Firefox\Profiles\b88nvzvs.default\extensions [2013/03/30 00:48:22 | 000,000,000 | ---D 
| M] (Browser Backgrounds) -- C:\Users\Franca\AppData\Roaming\mozilla\Firefox\Profiles\b88nvzvs.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c} [2012/09/25 12:01:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Franca\AppData\Roaming\mozilla\Firefox\Profiles\b88nvzvs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/06/18 21:00:33 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Franca\AppData\Roaming\mozilla\Firefox\Profiles\b88nvzvs.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012/11/24 20:20:13 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Franca\AppData\Roaming\mozilla\Firefox\Profiles\b88nvzvs.default\extensions\bbrs_002@blabbers.com [2012/06/12 00:15:30 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Franca\AppData\Roaming\mozilla\Firefox\Profiles\b88nvzvs.default\extensions\ffxtlbr@incredibar.com [2013/04/08 22:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franca\AppData\Roaming\mozilla\Firefox\Profiles\b88nvzvs.default\extensions\staged [2012/06/01 13:58:48 | 000,002,933 | ---- | M] () (No name found) -- C:\Users\Franca\AppData\Roaming\mozilla\firefox\profiles\b88nvzvs.default\extensions\clocktab@vik.josh.xpi [2013/02/17 19:42:23 | 000,015,751 | ---- | M] () (No name found) -- C:\Users\Franca\AppData\Roaming\mozilla\firefox\profiles\b88nvzvs.default\extensions\restartless.restart@erikvold.com.xpi [2013/03/30 00:48:19 | 000,117,153 | ---- | M] () (No name found) -- C:\Users\Franca\AppData\Roaming\mozilla\firefox\profiles\b88nvzvs.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013/04/05 20:15:11 | 000,002,308 | ---- | M] () -- C:\Users\Franca\AppData\Roaming\mozilla\firefox\profiles\b88nvzvs.default\searchplugins\askcom.xml [2013/03/30 00:41:51 | 000,000,950 | ---- | M] () -- C:\Users\Franca\AppData\Roaming\mozilla\firefox\profiles\b88nvzvs.default\searchplugins\icqplugin.xml [2012/06/12 00:15:17 | 000,002,203 | ---- | M] () -- C:\Users\Franca\AppData\Roaming\mozilla\firefox\profiles\b88nvzvs.default\searchplugins\MyStart Search.xml [2013/03/09 19:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/03/09 19:37:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/03/09 19:37:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013/03/09 19:37:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/03/01 17:48:08 | 000,000,000 | ---D | M] (Web Assistant) -- 
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/03/09 19:37:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/03/02 14:06:40 | 000,001,606 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml [2013/03/02 14:06:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/03/02 14:06:40 | 000,000,957 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml [2013/03/02 14:06:40 | 000,001,030 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml [2013/03/02 14:06:40 | 000,001,395 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml [2013/03/02 14:06:40 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml O1 HOSTS File: ([2013/04/07 19:00:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programmi\Web Assistant\Extension32.dll () O2 - BHO: (uTorrentBar_IT Toolbar) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTo0.dll (Conduit Ltd.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (uTorrentBar_IT Toolbar) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTo0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_IT Toolbar) - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTo0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Programmi\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Franca\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [Center Agent] C:\Program Files (x86)\DIKOM Multimedia\HyperMediaCenter\DTVR\Scheduled.exe () O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Siti attendibili) O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Siti attendibili) O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Siti attendibili) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{461EB543-71D3-4E92-BEDB-06A665E5432B}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73F93469-9074-41D9-AE3B-1154ECED3CF7}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2D148E-8E75-4A62-AD35-1F274715FA59}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C0FA287-443A-4137-AB42-A57F6C71F1B8}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7C42932-7359-4F77-BF61-BB04DE227884}: NameServer = 8.8.8.8,8.8.4.4 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter ext/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.MPEGacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.) Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/04/10 23:40:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Franca\Desktop\OTL.exe [2013/04/10 20:08:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/10 20:08:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/10 20:08:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/10 20:08:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/10 20:08:10 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/10 20:08:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/10 20:08:10 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/10 20:08:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/10 20:08:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/10 20:08:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/10 20:08:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/10 20:08:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/10 20:08:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/10 20:08:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/10 20:08:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/10 12:06:46 | 005,550,424 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 12:06:44 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 12:06:43 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 12:06:42 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 12:06:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 12:06:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/07 19:13:33 | 000,000,000 | ---D | C] -- C:\Users\Franca\AppData\Roaming\SUPERAntiSpyware.com [2013/04/07 19:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013/04/07 19:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2013/04/07 19:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/04/07 19:01:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/04/07 19:00:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/04/07 18:41:36 | 000,000,000 | ---D | C] -- C:\Users\Franca\Desktop\cugintour 6 aprile 2013 [2013/04/06 00:28:51 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/06 00:28:51 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/04/05 17:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/04/05 17:26:14 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/04/05 17:26:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/04/05 17:26:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/04/05 17:26:06 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/04/05 16:36:15 | 001,054,720 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/04/05 16:36:15 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/04/05 16:36:15 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/04/05 16:36:15 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/04/05 16:36:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/04/05 16:36:15 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/04/05 16:36:15 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/04/05 16:36:15 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/05 16:36:15 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/04/05 16:36:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/04/05 16:36:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/05 16:36:15 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/04/05 16:36:14 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/05 16:36:14 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/04/05 16:36:14 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/04/05 16:36:14 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/04/05 16:36:14 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/04/05 16:36:14 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/04/05 16:36:14 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/05 16:36:14 | 
000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/04/05 16:36:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/04/05 16:36:14 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/04/05 16:36:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/04/05 16:36:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/04/05 16:36:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/04/05 16:36:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/04/05 16:36:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/04/05 16:36:14 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/04/05 16:36:14 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/04/05 16:36:13 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/05 16:36:13 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/04/05 16:36:13 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/04/05 16:36:13 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/04/05 16:36:13 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/04/05 16:36:13 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/04/05 16:36:13 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/05 16:36:13 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/05 16:36:13 | 000,167,424 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\iexpress.exe [2013/04/05 16:36:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/04/05 16:36:13 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/04/05 16:36:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/04/05 16:36:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/04/05 16:36:13 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/04/05 16:36:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/05 16:36:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/04/05 16:36:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/04/05 16:36:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/04/05 16:36:13 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/04/05 16:36:13 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/04/05 16:36:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/04/05 16:36:13 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/04/05 16:36:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/04/05 16:36:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/04/05 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/03/28 12:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013/03/28 12:01:22 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013/03/28 12:01:22 | 000,031,672 | ---- | C] 
(NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013/03/28 12:01:21 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013/03/28 12:01:21 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013/03/28 12:01:21 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013/03/28 12:01:21 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013/03/28 12:01:21 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013/03/28 12:01:21 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013/03/28 12:01:21 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013/03/28 12:01:21 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013/03/28 12:01:21 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013/03/28 12:01:21 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013/03/28 12:01:21 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013/03/28 12:01:21 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013/03/28 12:01:21 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013/03/28 12:01:21 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013/03/28 12:01:21 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013/03/28 12:01:21 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll [2013/03/28 12:01:21 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll [2013/03/26 01:20:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/03/18 09:43:18 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\SecurityXploded [2013/03/14 15:44:08 | 000,000,000 | ---D | C] -- C:\Users\Franca\AppData\Roaming\Apple Computer [2012/12/31 15:34:06 | 008,358,176 | ---- | C] (Burnaware Technologies ) -- C:\Users\Franca\burnaware_free.exe [2011/03/21 23:08:51 | 000,399,736 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Franca\utorrent.exe [2010/10/29 15:46:50 | 001,162,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Franca\wlsetup-web-14.0.8091.0730.exe [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/10 23:40:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Franca\Desktop\OTL.exe [2013/04/10 22:54:00 | 000,000,978 | ---- | M] () -- C:\Windows asks\Adobe Flash Player Updater.job [2013/04/10 22:10:00 | 000,000,928 | ---- | M] () -- C:\Windows asks\GinyasBrowserCompanion Update Checker.job [2013/04/10 21:50:00 | 000,000,996 | ---- | M] () -- C:\Windows asks\GinyasBrowserCompanion Stats Report.job [2013/04/10 20:29:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/10 20:29:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/10 20:22:49 | 000,000,996 | ---- | M] () -- C:\Windows asks\GinyasBrowserCompanion Chrome Watcher.job [2013/04/10 20:22:47 | 000,000,996 | ---- | M] () -- C:\Windows asks\GinyasBrowserCompanion FireFox Watcher.job [2013/04/10 20:22:02 | 000,456,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/10 20:21:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/10 20:20:56 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys [2013/04/10 19:13:00 | 000,000,512 | ---- | M] () -- C:\Windows asks\SUPERAntiSpyware Scheduled Task 8c2cf487-9f52-4f81-be88-7c623dac5100.job [2013/04/09 02:21:01 | 000,082,592 | ---- | M] () -- 
C:\Users\Franca\Desktop\123_big.gif [2013/04/09 02:00:00 | 000,000,512 | ---- | M] () -- C:\Windows asks\SUPERAntiSpyware Scheduled Task d6033922-2f0e-451b-b48c-56b66d2572ff.job [2013/04/08 17:47:10 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2013/04/08 17:46:51 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2013/04/08 16:39:47 | 007,067,641 | ---- | M] () -- C:\Users\Franca\Desktop\Audio 2 Zucchero Amaro.mp3 [2013/04/08 16:34:31 | 005,814,391 | ---- | M] () -- C:\Users\Franca\Desktop\SPECCHI RIFLESSI ~ Audio2.mp3 [2013/04/07 19:13:29 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/04/07 19:00:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/04/07 18:39:32 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/07 18:39:32 | 000,698,804 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013/04/07 18:39:32 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/07 18:39:32 | 000,127,998 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013/04/07 18:39:32 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/06 00:33:38 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/06 00:33:38 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/04/05 17:26:01 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/04/05 17:26:00 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/04/05 17:26:00 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/04/05 17:26:00 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/04/05 17:26:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/04/05 17:26:00 | 
000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/04/05 16:36:15 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/04/05 16:36:15 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/04/05 16:36:15 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/04/05 16:36:15 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/04/05 16:36:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/04/05 16:36:15 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/04/05 16:36:15 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/04/05 16:36:15 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/05 16:36:15 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/04/05 16:36:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/04/05 16:36:15 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/05 16:36:15 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/04/05 16:36:14 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/05 16:36:14 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/04/05 16:36:14 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/04/05 16:36:14 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/04/05 16:36:14 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/04/05 16:36:14 | 000,281,600 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\dxtrans.dll [2013/04/05 16:36:14 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/05 16:36:14 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/04/05 16:36:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/04/05 16:36:14 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/04/05 16:36:14 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/04/05 16:36:14 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/04/05 16:36:14 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/04/05 16:36:14 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64 dc.ocx [2013/04/05 16:36:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/04/05 16:36:14 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013/04/05 16:36:14 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/04/05 16:36:14 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/04/05 16:36:13 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/05 16:36:13 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/04/05 16:36:13 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/04/05 16:36:13 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/04/05 16:36:13 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/04/05 16:36:13 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/04/05 16:36:13 | 000,235,008 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/05 16:36:13 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/05 16:36:13 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/04/05 16:36:13 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/04/05 16:36:13 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/04/05 16:36:13 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/04/05 16:36:13 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/04/05 16:36:13 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/04/05 16:36:13 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/05 16:36:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/04/05 16:36:13 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/04/05 16:36:13 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative dc.ocx [2013/04/05 16:36:13 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/04/05 16:36:13 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/04/05 16:36:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/04/05 16:36:13 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/04/05 16:36:13 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013/04/05 16:36:13 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/04/05 16:36:13 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/04/04 00:00:07 | 
000,000,336 | ---- | M] () -- C:\Windows asks\HPCeeScheduleForFranca.job [2013/04/02 00:52:13 | 000,060,778 | ---- | M] () -- C:\Users\Franca\306158_1481375530068_6843674_n.jpg [2013/03/19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/03/19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/03/19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/03/19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/03/19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/03/19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/03/15 07:53:06 | 026,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013/03/15 07:53:06 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013/03/15 07:53:06 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013/03/15 07:53:06 | 017,990,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013/03/15 07:53:06 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013/03/15 07:53:06 | 015,508,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013/03/15 07:53:06 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013/03/15 07:53:06 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013/03/15 07:53:06 | 009,414,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013/03/15 07:53:06 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013/03/15 07:53:06 | 007,573,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013/03/15 07:53:06 | 
006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013/03/15 07:53:06 | 002,913,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013/03/15 07:53:06 | 002,864,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013/03/15 07:53:06 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013/03/15 07:53:06 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013/03/15 07:53:06 | 002,355,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013/03/15 07:53:06 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013/03/15 07:53:06 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll [2013/03/15 07:53:06 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll [2013/03/15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013/03/15 06:16:18 | 003,477,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013/03/15 06:16:17 | 006,398,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013/03/15 06:16:10 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013/03/15 06:16:10 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013/03/15 06:16:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/09 02:21:07 | 000,082,592 | ---- | C] () -- C:\Users\Franca\Desktop\123_big.gif [2013/04/08 16:39:32 | 007,067,641 | ---- | C] () -- C:\Users\Franca\Desktop\Audio 2 Zucchero Amaro.mp3 [2013/04/08 16:34:22 | 005,814,391 | ---- | C] () -- C:\Users\Franca\Desktop\SPECCHI RIFLESSI ~ Audio2.mp3 [2013/04/07 19:13:41 | 
000,000,512 | ---- | C] () -- C:\Windows asks\SUPERAntiSpyware Scheduled Task 8c2cf487-9f52-4f81-be88-7c623dac5100.job [2013/04/07 19:13:40 | 000,000,512 | ---- | C] () -- C:\Windows asks\SUPERAntiSpyware Scheduled Task d6033922-2f0e-451b-b48c-56b66d2572ff.job [2013/04/07 19:13:29 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/04/06 00:28:53 | 000,000,978 | ---- | C] () -- C:\Windows asks\Adobe Flash Player Updater.job [2013/04/05 16:36:14 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013/04/05 16:36:13 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013/04/02 00:52:21 | 000,060,778 | ---- | C] () -- C:\Users\Franca\306158_1481375530068_6843674_n.jpg [2012/12/31 15:35:57 | 000,000,503 | ---- | C] () -- C:\Users\Franca\AppData\Roaming\burnaware.ini [2012/12/30 20:14:24 | 000,843,506 | ---- | C] () -- C:\Users\Franca\cartamodellopigotta.png [2012/11/24 20:33:58 | 000,000,035 | ---- | C] () -- C:\Users\Franca\AppData\Roaming\mbam.context.scan [2012/11/01 14:56:42 | 000,221,299 | ---- | C] () -- C:\Users\Franca\halloween 2012.jpg [2012/09/10 21:11:49 | 1101,908,374 | ---- | C] () -- C:\Users\Franca\Ultima Online Mondain's Legacy.rar [2012/06/29 13:00:48 | 000,217,487 | ---- | C] () -- C:\Users\Franca\Risposta2363044_1_VER2.pdf [2012/06/27 18:13:55 | 000,010,777 | ---- | C] () -- C:\Users\Franca\Registrazione Tiscali Internet senza canone.htm [2012/06/27 11:45:29 | 000,029,511 | ---- | C] () -- C:\Users\Franca\ravvedimentoIMU.pdf [2012/06/12 01:10:31 | 000,007,544 | ---- | C] () -- C:\Users\Franca\AppData\Local\unins000.dat [2012/06/07 22:42:33 | 000,055,136 | ---- | C] () -- C:\Users\Franca\Metin2_it_20111216.exe.torrent [2012/05/10 11:51:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/05/10 11:51:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/05/10 11:51:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/05/10 11:51:46 | 000,080,412 | ---- | C] () 
-- C:\Windows\grep.exe [2012/05/10 11:51:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/01/21 21:24:52 | 001,073,004 | ---- | C] () -- C:\Users\Franca\io e leo.jpg [2011/04/14 12:46:50 | 000,000,011 | ---- | C] () -- C:\Windows\3DShadow.INI [2011/04/08 20:25:52 | 000,025,048 | -HS- | C] () -- C:\Users\Franca\Folder.jpg [2011/04/08 20:25:52 | 000,007,293 | -HS- | C] () -- C:\Users\Franca\AlbumArtSmall.jpg [2011/03/21 23:12:36 | 000,017,159 | ---- | C] () -- C:\Users\Franca\FW_Installer_OB.rar.torrent [2011/02/28 12:30:28 | 000,001,178 | ---- | C] () -- C:\Users\Franca\AppData\Roaming\wklnhst.dat [2011/02/05 18:25:50 | 000,001,854 | ---- | C] () -- C:\Users\Franca\AppData\Roaming\GhostObjGAFix.xml [2010/11/19 18:27:38 | 166,297,938 | ---- | C] () -- C:\Users\Franca\Microsoft Front Page 2003 + seriale - ITA.rar [2010/10/29 15:42:47 | 007,362,048 | ---- | C] () -- C:\Users\Franca\MM26_IT.msi [2010/09/16 17:20:52 | 000,126,116 | ---- | C] () -- C:\Users\Franca\LD-champagne2.zip [2010/09/08 11:07:40 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2010/06/01 14:37:46 | 000,001,235 | ---- | C] () -- C:\Users\Franca\HyperMediaCenter.lnk [2010/05/21 12:57:48 | 000,020,480 | ---- | C] () -- C:\Users\Franca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/21 12:49:52 | 001,933,603 | ---- | C] () -- C:\Users\Franca\AppData\Local mpDSCN0057.2 [2010/05/21 12:49:49 | 001,934,341 | ---- | C] () -- C:\Users\Franca\AppData\Local mpDSCN0057.1 [2010/05/21 12:49:47 | 005,416,154 | ---- | C] () -- C:\Users\Franca\AppData\Local mpDSCN0057.0 [2010/05/21 12:49:47 | 001,943,949 | ---- | C] () -- C:\Users\Franca\AppData\Local mpDSCN0057.JPG [2010/05/19 11:54:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Commands [2010/05/19 11:54:48 | 000,000,268 | RH-- | C] () -- C:\Users\Franca\AppData\Roaming\ColorTable [2010/05/19 11:54:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010/05/19 11:50:11 | 000,000,268 | RH-- | C] () -- 
C:\ProgramData\Comedy Noises [2010/05/19 11:50:11 | 000,000,268 | RH-- | C] () -- C:\Users\Franca\AppData\Roaming\Cocoa [2010/05/19 11:50:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010/05/04 13:50:03 | 000,013,509 | ---- | C] () -- C:\Users\Franca\AppData\Local mpALESSIA 10.2 [2010/05/04 13:49:57 | 000,013,501 | ---- | C] () -- C:\Users\Franca\AppData\Local mpALESSIA 10.1 [2010/05/04 13:49:55 | 000,021,642 | ---- | C] () -- C:\Users\Franca\AppData\Local mpALESSIA 10.0 [2010/05/04 13:49:55 | 000,013,512 | ---- | C] () -- C:\Users\Franca\AppData\Local mpALESSIA 10.JPG [2010/04/17 23:11:00 | 000,000,017 | ---- | C] () -- C:\Users\Franca\AppData\Local\resmon.resmoncfg [2010/03/24 14:24:20 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 
| ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/11 23:43:26 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Aeria Games & Entertainment [2012/08/11 17:30:10 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Alien Skin [2012/11/24 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\BrowserCompanion [2012/12/15 01:42:05 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\EmoticoonsToolbar [2012/08/04 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\FreeVideoConverter [2013/04/10 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\ICQ [2013/03/13 13:55:55 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\IObit [2010/05/04 16:31:28 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Jasc [2010/06/01 14:37:47 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\KWorld Multimedia [2010/05/19 12:03:43 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Nikon [2012/08/05 16:55:35 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\OpenCandy [2012/08/09 00:12:12 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\PhotoScape [2011/07/10 22:38:30 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Razor [2011/11/28 15:51:40 | 000,000,000 | ---D | M] -- 
C:\Users\Franca\AppData\Roaming\TeamViewer [2011/02/28 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Template [2010/04/28 19:25:05 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Ulead Systems [2010/05/23 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Uniblue [2013/04/06 00:02:49 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\uTorrent [2011/07/20 16:45:32 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Vodafone [2010/12/18 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\WildTangent [2011/03/03 16:37:11 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\Windows Live Writer [2010/03/24 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Franca\AppData\Roaming\_MDLogs ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2013/02/26 13:46:58 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2012/07/27 17:37:53 | 000,000,196 | ---- | M] () -- C:\ChromeHPLog.txt [2013/04/07 19:07:43 | 000,029,460 | ---- | M] () -- C:\ComboFix.txt [2012/11/24 20:20:14 | 000,000,043 | ---- | M] () -- C:\END [2013/04/10 20:20:56 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys [2010/05/21 13:19:53 | 000,000,186 | ---- | M] () -- C:\hpqlb.log [2013/04/10 20:21:01 | 4218,281,984 | -HS- | M] () -- C:\pagefile.sys [2012/06/12 00:15:31 | 000,000,447 | ---- | M] () -- C:\user.js [2 C:\*.tmp files -> C:\*.tmp -> ] < %systemroot%\Fonts\*.com > [2009/07/14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < 
%systemroot%\Fonts\*.ini > [2009/06/10 22:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > [2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > [2012/04/27 16:52:35 | 000,001,734 | -HS- | M] () -- C:\Users\Franca\AppData\Roaming\Microsoft\LastFlashConfig.wfc < %PROGRAMFILES%\*.* > [2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. 
/s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %PROGRAMFILES%\Internet Explorer\*.dat > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > [2011/04/28 22:59:35 | 000,000,221 | -HS- | M] () -- C:\Users\Franca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini < %USERPROFILE%\Desktop\*.exe > [2012/11/11 01:59:34 | 001,109,504 | ---- | M] () -- C:\Users\Franca\Desktop\EUOX217.exe [2013/04/10 23:40:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Franca\Desktop\OTL.exe < %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > < %systemroot%\system32 est\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report >
  7. I am attaching the requested logs. As for SUPERAntiSpyware, I have already removed the threats. Thank you. log combo fix.txt SUPERAntiSpyware Scan Log - 04-07-2013 - 19-24-51.log mbam-log-2013-04-07 (19-28-13).txt
  8. I updated Explorer to version 10, but I had the problem with 8 as well. Flash Player is up to date, and Java is at the latest version too.
  9. Hi everyone, as the title says, I would like some opinions and possibly some advice on this UPS http://www.fc-electronik.net//foto_ebay/be700.pdf I have read that APC is the best brand when it comes to UPSs, but I would like further opinions before buying it, and possibly suggestions for other units if this one is not suitable. Thanks in advance, bye
  10. What do you think of the one in this link? I would need to connect a monitor, PC, modem, an external hard disk and the PC speakers
  11. Good morning, when I turned on my PC this morning an Avira error notice appeared (last update yesterday), and now the Avira icon next to the clock is gone. Could someone kindly tell me how I can solve the problem and what caused it? Thank you very much. I am attaching the HijackThis log file and the malware log hijackthis.log mbam-log-2012-04-20 (11-13-47).txt
  12. I am attaching the HijackThis log made after Malwarebytes detected a trojan agent; thank you for your help. I am also attaching the ComboFix log. Thank you.
  13. Here is the latest HijackThis log. I am waiting with my fingers crossed.
  14. So, I uninstalled and reinstalled Malwarebytes (I had also done it today), but the trial-period wording does not appear. Strangely, Malwarebytes still held the Trojan Agent in quarantine along with all the reports of the scans run previously. I am attaching the HijackThis log and the other one from HitmanPro. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21.51.49, on 08/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\Programmi\Panda USB Vaccine\USBVaccine.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\Programmi\Avira\AntiVir Desktop\avshadow.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\YoWindow\yowindow.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HitmanPro35] "C:\Programmi\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: YoWindow.lnk = C:\Programmi\YoWindow\yowindow.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{90371BFC-260E-4068-8F98-92479EF61294}: NameServer = 85.37.17.17 85.38.28.72 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 5421 bytes HitmanPro log - <Log computer="CECILIA" scan="Normal" version="3.5.8.121" date="2011-06-08T14:45:26" timeSpentInSecs="637" filesProcessed="13706"> - <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt" /> </Item> - <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Documents and Settings\Administrator\Cookies\administrator@smartadserver[1].txt" /> </Item> - <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[1].txt" /> </Item> - <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt" /> </Item> - <Item type="Suspicious" score="22.0" status="None"> <File path="C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\GoogleUpdates.exe" hash="FA6BEC9267ECA2B4479006889CC394B0D12725E506A28C1A2F22799BBBC937AB" /> - <Startup> <Key path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Update" /> </Startup> - <References> <Key path="HKU\S-1-5-21-1220945662-706699826-1801674531-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\GoogleUpdates.exe" /> </References> </Item> </Log> I'm crossing my fingers, and thank you once again.
  15. I followed your instructions to the letter, and now it feels like I have a new PC; it is muuuch faster than before. I tried browsing for a bit, I rebooted the system, and everything seems to be perfectly in order. Thank youuu. I'm attaching the log with the usual copy and paste (ugh, why does it give me an error when I upload it) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20.07.42, on 08/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\Programmi\Panda USB Vaccine\USBVaccine.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\Programmi\Avira\AntiVir Desktop\avshadow.exe C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\Programmi\File comuni\Java\Java Update\jusched.exe C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\YoWindow\yowindow.exe C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HitmanPro35] "C:\Programmi\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: YoWindow.lnk = C:\Programmi\YoWindow\yowindow.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{90371BFC-260E-4068-8F98-92479EF61294}: NameServer = 85.37.17.17 85.38.28.72 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6021 bytes
  16. Here I am. I carried out the procedures you described in the previous post; unfortunately, I don't know why, it won't attach the files and always gives me an error, so I'm putting them in the post with the usual copy and paste. As for the PC, I have the feeling it is slightly faster; at Windows startup the virus alert message from Malwarebytes no longer appears, but it happened that when I started Explorer the home page opened and right after it a site (which I didn't get a chance to see what it was), and immediately everything closed; when I started Explorer again the problem did not recur. The logs follow below. Thank you for your kindness. ComboFix 11-06-06.06 - Administrator 07/06/2011 14.24.36.9.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.633 [GMT 2:00] Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5C49-7C92-0300-000100000000} . FILE :: "c:\documents and settings\Administrator\Dati applicazioni\Microsoft\spoolsv.exe" . . ((((((((((((((((((((((((( Files Creati Da 2011-05-07 al 2011-06-07 ))))))))))))))))))))))))))))))))))) . . 2011-06-06 14:37 . 2011-06-06 14:37 388096 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-31 13:09 . 2011-05-31 13:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 07:11 . 2011-05-05 13:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 07:11 . 2011-05-05 13:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 10:22 . 2011-04-30 11:25 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-05-02 10:22 . 
2011-04-30 11:25 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-04-19 15:28 . 1999-05-15 18:02 3224336 ----a-w- c:\windows\system32\VFP500.DLL 2011-04-19 15:28 . 1999-05-15 18:02 770560 ----a-w- c:\windows\system32\VFP5ENU.DLL . . ((((((((((((((((((((((((((((( SnapShot@2011-06-06_14.05.05 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-07 09:28 . 2011-06-07 09:28 16384 c:\windows\temp\Perflib_Perfdata_6b8.dat + 2006-10-06 20:06 . 2011-06-07 09:27 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat - 2006-10-06 20:06 . 2011-06-06 13:07 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2006-10-06 20:06 . 2011-06-07 09:27 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat - 2006-10-06 20:06 . 2011-06-06 13:07 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat + 2010-03-06 21:56 . 2011-06-07 09:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2010-03-06 21:56 . 2011-06-06 13:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-06-06 14:37 . 2011-06-06 14:37 1094656 c:\windows\Installer\16d2ca.msi . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-12 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OODefragTray"="c:\windows\system32\oodtray.exe" [2009-08-21 2553088] "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768] "Google Update"="c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\GoogleUpdates.exe" [2011-06-05 1860096] "Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\ YoWindow.lnk - c:\programmi\YoWindow\yowindow.exe [2010-4-7 720384] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . 
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872] R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632] R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [05/05/2011 15.06.33 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/05/2011 15.06.25 22712] S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [12/11/2010 18.55.57 136176] S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?] S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [12/11/2010 18.55.57 136176] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/05/2011 15.06.33 39984] S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [21/06/2009 14.17.13 31872] S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872] S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [07/10/2006 0.40.08 129535] . --- Altri Servizi/Drivers In Memoria --- . *Deregistered* - xcpip *Deregistered* - xpsec . Contenuto della cartella 'Scheduled Tasks' . 2011-06-07 c:\windows\Tasks\GlaryInitialize.job - c:\programmi\Glary Utilities\initialize.exe [2010-03-06 18:44] . 2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-12 16:55] . 2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-12 16:55] . 2011-06-07 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07] . 2011-06-07 c:\windows\Tasks\PandaUSBVaccine.job - c:\programmi\Panda USB Vaccine\RunInteractiveWin.exe [2010-03-07 15:45] . . ------- Scansione supplementare ------- . 
uStart Page = hxxp://www.google.com/ig?hl=it IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{90371BFC-260E-4068-8F98-92479EF61294}: NameServer = 85.37.17.17 85.38.28.72 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-07 14:32 Windows 5.1.2600 Service Pack 3 NTFS . scansione processi nascosti ... . scansione entrate autostart nascoste ... . Scansione files nascosti ... . Scansione completata con successo Files nascosti: 0 . ************************************************************************** . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_USERS\S-1-5-21-1220945662-706699826-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,01,5b,01,eb,f0,27,4b,9e,e3,7c,\ "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,9b,c5,9b,0a,0b,43,41,81,d7,fc,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,01,5b,01,eb,f0,27,4b,9e,e3,7c,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*] "0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" "0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- Dlls caricate dai processi in esecuzione --------------------- . 
- - - - - - - > 'winlogon.exe'(612) c:\programmi\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll . - - - - - - - > 'explorer.exe'(2188) c:\windows\system32\WININET.dll c:\programmi\Windows Media Player\wmpband.dll c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA c:\windows\system32\webcheck.dll . Ora fine scansione: 2011-06-07 14:35:31 ComboFix-quarantined-files.txt 2011-06-07 12:35 ComboFix2.txt 2011-06-07 09:36 . Pre-Run: 137.890.668.544 byte disponibili Post-Run: 137.938.960.384 byte disponibili . - - End Of File - - A855DEBCA9545E73B40BDB4B7236CC6E Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14.37.09, on 07/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\Programmi\Panda USB Vaccine\USBVaccine.exe C:\WINDOWS\system32\oodtray.exe C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programmi\YoWindow\yowindow.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\Programmi\Avira\AntiVir Desktop\avshadow.exe C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe 
C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir 
Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Google Update] C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\GoogleUpdates.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Startup: YoWindow.lnk = C:\Programmi\YoWindow\yowindow.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1249381819406 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{90371BFC-260E-4068-8F98-92479EF61294}: NameServer = 85.37.17.17 85.38.28.72 O20 - Winlogon Notify: !SASWinLogon - c:\Programmi\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: 
ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6589 bytes Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Versione database: 6785 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 07/06/2011 16.20.53 mbam-log-2011-06-07 (16-20-53).txt Tipo di scansione: Scansione completa (C:\|) Elementi esaminati: 220087 Tempo impiegato: 1 ore, 42 minuti, 49 secondi Processi infetti in memoria: 0 Moduli di memoria infetti: 0 Chiavi di registro infette: 0 Valori di registro infetti: 0 Voci infette nei dati di registro: 0 Cartelle infette: 0 File infetti: 0 Processi infetti in memoria: (Non sono stati rilevati elementi nocivi) Moduli di memoria infetti: (Non sono stati rilevati elementi nocivi) Chiavi di registro 
infette: (Non sono stati rilevati elementi nocivi) Valori di registro infetti: (Non sono stati rilevati elementi nocivi) Voci infette nei dati di registro: (Non sono stati rilevati elementi nocivi) Cartelle infette: (Non sono stati rilevati elementi nocivi) File infetti: (Non sono stati rilevati elementi nocivi) "c:\documents and settings\Administrator\Dati applicazioni\Microsoft\spoolsv.exe" . . ((((((((((((((((((((((((( Files Creati Da 2011-05-07 al 2011-06-07 ))))))))))))))))))))))))))))))))))) . . 2011-06-06 14:37 . 2011-06-06 14:37 388096 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-31 13:09 . 2011-05-31 13:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 07:11 . 2011-05-05 13:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 07:11 . 2011-05-05 13:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 10:22 . 2011-04-30 11:25 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-05-02 10:22 . 2011-04-30 11:25 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-04-19 15:28 . 1999-05-15 18:02 3224336 ----a-w- c:\windows\system32\VFP500.DLL 2011-04-19 15:28 . 1999-05-15 18:02 770560 ----a-w- c:\windows\system32\VFP5ENU.DLL . . ((((((((((((((((((((((((((((( SnapShot@2011-06-06_14.05.05 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-07 09:28 . 2011-06-07 09:28 16384 c:\windows\temp\Perflib_Perfdata_6b8.dat + 2006-10-06 20:06 . 2011-06-07 09:27 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat - 2006-10-06 20:06 . 2011-06-06 13:07 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2006-10-06 20:06 . 
2011-06-07 09:27 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat - 2006-10-06 20:06 . 2011-06-06 13:07 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat + 2010-03-06 21:56 . 2011-06-07 09:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2010-03-06 21:56 . 2011-06-06 13:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-06-06 14:37 . 2011-06-06 14:37 1094656 c:\windows\Installer\16d2ca.msi . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-12 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OODefragTray"="c:\windows\system32\oodtray.exe" [2009-08-21 2553088] "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768] "Google Update"="c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\GoogleUpdates.exe" [2011-06-05 1860096] "Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\ YoWindow.lnk - c:\programmi\YoWindow\yowindow.exe [2010-4-7 720384] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872] R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632] R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [05/05/2011 15.06.33 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/05/2011 15.06.25 22712] S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [12/11/2010 18.55.57 136176] S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?] 
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [12/11/2010 18.55.57 136176] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/05/2011 15.06.33 39984] S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [21/06/2009 14.17.13 31872] S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872] S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [07/10/2006 0.40.08 129535] . --- Altri Servizi/Drivers In Memoria --- . *Deregistered* - xcpip *Deregistered* - xpsec . Contenuto della cartella 'Scheduled Tasks' . 2011-06-07 c:\windows\Tasks\GlaryInitialize.job - c:\programmi\Glary Utilities\initialize.exe [2010-03-06 18:44] . 2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-12 16:55] . 2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-12 16:55] . 2011-06-07 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07] . 2011-06-07 c:\windows\Tasks\PandaUSBVaccine.job - c:\programmi\Panda USB Vaccine\RunInteractiveWin.exe [2010-03-07 15:45] . . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.com/ig?hl=it IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{90371BFC-260E-4068-8F98-92479EF61294}: NameServer = 85.37.17.17 85.38.28.72 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-07 14:32 Windows 5.1.2600 Service Pack 3 NTFS . 
scansione processi nascosti ... . scansione entrate autostart nascoste ... . Scansione files nascosti ... . Scansione completata con successo Files nascosti: 0 . ************************************************************************** .
      Correction: unfortunately, this morning at PC startup Malwarebytes again flagged the Trojan Agent, which I have put in quarantine.
  17. I followed your instructions to the letter, although I could not find the entry to fix in HijackThis. After I started ComboFix following the procedure you described, the PC restarted, and on the startup screen Malwarebytes appeared, informing me that there were malicious items. In the quarantine I found these viruses: Backdoor.IRCBot, Trojan Agent. Sorry, but I am copying and pasting because the ComboFix log will not upload. Thanks again.
      ComboFix 11-06-06.01 - Administrator 06/06/2011 18.38.30.7.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.589 [GMT 2:00] Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5C49-7C92-0300-000100000000} . FILE :: "c:\windows\system32\drivers\xcpip.sys" "c:\windows\system32\drivers\xpsec.sys" . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip -------\Service_xpsec . . ((((((((((((((((((((((((( Files Creati Da 2011-05-06 al 2011-06-06 ))))))))))))))))))))))))))))))))))) . . 2011-06-06 16:52 . 2011-06-05 11:52 1860096 --sh--w- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\spoolsv.exe 2011-06-06 14:37 . 2011-06-06 14:37 388096 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-31 13:09 . 2011-05-31 13:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 07:11 . 2011-05-05 13:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 07:11 . 
2011-05-05 13:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 10:22 . 2011-04-30 11:25 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-05-02 10:22 . 2011-04-30 11:25 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-04-19 15:28 . 1999-05-15 18:02 3224336 ----a-w- c:\windows\system32\VFP500.DLL 2011-04-19 15:28 . 1999-05-15 18:02 770560 ----a-w- c:\windows\system32\VFP5ENU.DLL . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-12 39408] "Microsoft Windows"="c:\documents and settings\Administrator\Dati applicazioni\Microsoft\spoolsv.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OODefragTray"="c:\windows\system32\oodtray.exe" [2009-08-21 2553088] "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768] "Google Update"="c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\GoogleUpdates.exe" [2011-06-05 1860096] "Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\ YoWindow.lnk - c:\programmi\YoWindow\yowindow.exe [2010-4-7 720384] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872] R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632] R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [05/05/2011 15.06.33 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/05/2011 15.06.25 22712] S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [12/11/2010 18.55.57 136176] S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?] 
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [12/11/2010 18.55.57 136176] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/05/2011 15.06.33 39984] S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [21/06/2009 14.17.13 31872] S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872] S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [07/10/2006 0.40.08 129535] . --- Altri Servizi/Drivers In Memoria --- . *Deregistered* - xcpip *Deregistered* - xpsec . Contenuto della cartella 'Scheduled Tasks' . 2011-06-06 c:\windows\Tasks\GlaryInitialize.job - c:\programmi\Glary Utilities\initialize.exe [2010-03-06 18:44] . 2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-12 16:55] . 2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-12 16:55] . 2011-06-06 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07] . 2011-06-06 c:\windows\Tasks\PandaUSBVaccine.job - c:\programmi\Panda USB Vaccine\RunInteractiveWin.exe [2010-03-07 15:45] . . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.com/ig?hl=it uInternet Settings,ProxyOverride = 127.0.0.1 IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-06 18:54 Windows 5.1.2600 Service Pack 3 NTFS . scansione processi nascosti ... . 
scansione entrate autostart nascoste ... . Scansione files nascosti ... . Scansione completata con successo Files nascosti: 0 . ************************************************************************** . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_USERS\S-1-5-21-1220945662-706699826-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,01,5b,01,eb,f0,27,4b,9e,e3,7c,\ "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,9b,c5,9b,0a,0b,43,41,81,d7,fc,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,01,5b,01,eb,f0,27,4b,9e,e3,7c,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*] "0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" "0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- Dlls caricate dai processi in esecuzione --------------------- . - - - - - - - > 'winlogon.exe'(604) c:\programmi\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll . - - - - - - - > 'explorer.exe'(2660) c:\windows\system32\WININET.dll c:\programmi\Windows Media Player\wmpband.dll c:\windows\system32\webcheck.dll . ------------------------ Altri processi in esecuzione ------------------------ . 
c:\programmi\Avira\AntiVir Desktop\sched.exe c:\programmi\Panda USB Vaccine\USBVaccine.exe c:\programmi\Avira\AntiVir Desktop\avguard.exe c:\programmi\Java\jre6\bin\jqs.exe c:\programmi\Avira\AntiVir Desktop\avshadow.exe c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\oodag.exe c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Ora fine scansione: 2011-06-06 19:00:43 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2011-06-06 17:00 . Pre-Run: 138.004.180.992 byte disponibili Post-Run: 137.912.549.376 byte disponibili . - - End Of File - - 139FD699AF6E990FB8B4321D843977F4
  18. Hi everyone, I have a serious problem with the video card (NVIDIA GeForce G105M) of my PC (HP Pavilion dv6 notebook). The problem occurs every time the online game I play updates its patch. The first time the crash occurred I updated the video card drivers and it seemed I had solved it, but since then, with every new game update, I end up with the same problem, which also seems to be more serious. I am attaching a screenshot of the error notification that warns me of the problem. Thanks.
  19. The game is Perfect World and the installed driver is version 8.17.11.9716 of 29/03/2010, downloaded from the official NVIDIA site.
  20. Tiscali e-mail does not load, and the PC is also very slow. I am attaching the HijackThis log and the Malwarebytes log. Thank you in advance.
  21. Riverside, you are a legend. Thanks to your invaluable help, besides solving the problem I had, I practically have a PC like new: clean, secure and fast enough. I have always been fond of this forum, where people have always helped me solve my PC's troubles. Everyone is very kind and knowledgeable. I thank you all, and especially Riverside, who is very kind, very patient and above all extremely capable.
  22. NOD32 uninstalled and the operating system validated successfully. The problem occurs when installing Service Pack 3; I get this error: "Codice errore: 0x87FF054F". I do not know how to fix it. Thanks.
  23. I carried out all the steps you recommended; I am attaching the HijackThis log. As for the operating system and NOD32, I am not certain. Also, one curiosity: is it normal that, after I launched OTC by OldTimer and restarted the PC as the program itself recommended, it disappeared from the desktop and, I think, from the whole PC? In addition, web pages always come up with a small yellow triangle at the bottom left and the message "Errore nella visualizzazione della pagina". Thanks for your help.