gianman

Members
  • Content count

    87
  • Joined

  • Last visited

All content by gianman

  1. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:45:09, on 23/04/2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17728) Boot mode: Normal Running processes: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Windows\V0420Mon.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files (x86)\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll O4 - HKLM\..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe O4 - HKCU\..\Run: [search Protection] "C:\Users\Gianni\AppData\Roaming\Search Protection\SP.EXE" /autostart O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_6E947845E1E6E078F3F4C3EE3D46F8A2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O8 - Extra context menu item: Aggiungere a AMV/AVI Video Converter... 
- C:\Program Files (x86)\Media Player Utilities 4.45\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: iRobinHood Partners Addon - {54E67346-EE5A-45B6-82AA-4F0BB28C79C2} - (no file) O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. 
KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe O23 - Service: Box Sync Update Service (BoxSyncUpdateService) - Box, Inc. - C:\Program Files\Box\Box Sync\SyncUpdaterService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Malware Protection - AV Security Software - C:\Windows\mlwps.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. 
- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Privoxy (PrivoxyService) (PrivoxyService) - The Privoxy team - www.privoxy.org - C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file 
missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9783 bytes
  2. ComboFix 15-04-28.01 - Gianni 04/05/2015 14:27:17.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4095.1355 [GMT 2:00] Eseguito da: c:\users\Gianni\Downloads\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Error Repair Professional c:\programdata\ntuser.pol c:\users\Gianni\AppData\Local\lollipop c:\users\Gianni\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\Gianni\AppData\Roaming\A9A.tmp c:\users\Gianni\AppData\Roaming\A9A.tmp.exe c:\users\Public\AlexaNSISPlugin.1828.dll c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\wpcap.dll . La copia infetta di c:\windows\system32\Services.exe è stata trovata e disinfettata ipristinata copia da - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Creati Da 2015-04-04 al 2015-05-04 ))))))))))))))))))))))))))))))))))) . . 2015-05-04 12:35 . 2015-05-04 12:35 -------- d-----w- c:\users\Ragazzi\AppData\Local emp 2015-05-04 12:35 . 2015-05-04 12:35 -------- d-----w- c:\users\Linda\AppData\Local emp 2015-05-04 12:35 . 2015-05-04 12:35 -------- d-----w- c:\users\Default\AppData\Local emp 2015-04-21 10:07 . 2015-04-21 10:07 -------- d-----w- c:\users\Gianni\AppData\Local\Skype 2015-04-21 10:07 . 2015-04-21 10:07 -------- d-----w- c:\program files (x86)\Common Files\Skype 2015-04-21 10:07 . 2015-04-21 10:07 -------- d-----r- c:\program files (x86)\Skype 2015-04-18 16:24 . 
2015-04-18 16:24 -------- d-----w- c:\users\Ragazzi\AppData\Roaming\Steam 2015-04-18 16:22 . 2015-04-18 16:22 -------- d-----w- c:\users\Gianni\AppData\Roaming\Steam 2015-04-15 08:58 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys 2015-04-15 08:58 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll 2015-04-15 08:58 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll 2015-04-07 14:33 . 2015-04-07 14:34 -------- d-----w- c:\users\Gianni\AppData\Roaming\Apowersoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-29 11:12 . 2012-04-13 17:43 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-04-29 11:12 . 2012-01-26 16:39 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-04-15 09:46 . 2012-01-26 15:11 128913832 ----a-w- c:\windows\system32\MRT.exe 2015-03-30 13:25 . 2015-03-31 17:18 33856 ---ha-w- c:\windows\system32\hamachi.sys 2015-03-20 11:40 . 2015-02-27 10:11 73728 ----a-w- c:\windows\SysWow64 asks.dll 2015-03-17 04:56 . 2015-04-15 09:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-03-15 09:34 . 2015-03-15 09:34 228408 ----a-w- c:\windows\system32\drivers\droidcamvideo.sys 2015-03-15 09:34 . 2015-03-15 09:34 33080 ----a-w- c:\windows\system32\drivers\droidcam.sys 2015-03-12 10:59 . 2015-03-22 13:29 373864 ----a-w- c:\windows\system32\LavasoftTcpService64.dll 2015-03-12 10:58 . 2015-03-22 13:29 326288 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll 2015-03-10 16:54 . 2015-03-08 12:19 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2015-03-10 16:54 . 2015-03-08 12:19 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-03-10 16:54 . 2015-03-08 12:19 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-02-26 09:52 . 2015-02-26 09:52 239104 ----a-w- c:\windows\mlwps.exe 2015-02-26 03:25 . 2015-03-11 08:31 3204096 ----a-w- c:\windows\system32\win32k.sys 2015-02-24 02:17 . 
2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-20 04:41 . 2015-03-11 08:32 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 08:32 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 2015-03-11 08:32 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 08:32 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 08:32 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 08:32 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 08:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 08:32 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 08:32 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 08:32 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-02-16 15:20 . 2015-02-16 15:20 33856 ---ha-w- c:\windows\system32\drivers\hamachi.sys 2015-02-16 03:21 . 2015-03-06 13:09 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A32DE48D-C36A-417D-83D6-982955F8E383}\mpengine.dll 2015-02-13 05:22 . 2015-03-11 08:31 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-02-04 10:13 . 2015-02-04 10:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-02-04 03:16 . 2015-03-11 08:30 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2015-02-04 02:54 . 2015-03-11 08:30 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_6E947845E1E6E078F3F4C3EE3D46F8A2"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-04-28 812872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-04-07 726320] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-03-30 3978600] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-04-10 130048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . R0 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x] R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys;c:\windows\SYSNATIVE\Drivers\Ca1528av.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x] R3 Bulk1528;SPCA1528 Still Camera 
Service;c:\windows\system32\Drivers\Bulk1528.sys;c:\windows\SYSNATIVE\Drivers\Bulk1528.sys [x] R3 cpuz134;cpuz134;c:\users\Gianni\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Gianni\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0461.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers erminpt.sys;c:\windows\SYSNATIVE\drivers erminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers susbflt.sys;c:\windows\SYSNATIVE\drivers susbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers susbhub.sys;c:\windows\SYSNATIVE\drivers susbhub.sys [x] R3 V0420VID;Live! 
Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0420Vid.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 Live Malware Protection;Live Malware Protection;c:\windows\mlwps.exe;c:\windows\mlwps.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 PrivoxyService;Privoxy (PrivoxyService);c:\program files (x86)\Jelbrus Secure 
Web\privoxy.exe;c:\program files (x86)\Jelbrus Secure Web\privoxy.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\DRIVERS\droidcam.sys;c:\windows\SYSNATIVE\DRIVERS\droidcam.sys [x] S3 DroidCamVideo;DroidCam Source 3;c:\windows\system32\DRIVERS\droidcamvideo.sys;c:\windows\SYSNATIVE\DRIVERS\droidcamvideo.sys [x] S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-05-01 19:45 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe . Contenuto della cartella 'Scheduled Tasks' . 2015-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 11:12] . 2015-05-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000Core.job - c:\users\Gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 17:22] . 2015-05-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000UA.job - c:\users\Gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 17:22] . 2015-05-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1005Core.job - c:\users\Ragazzi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-06 19:07] . 2015-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1005UA.job - c:\users\Ragazzi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-06 19:07] . 2015-04-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1006Core.job - c:\users\Linda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-01 08:42] . 
2015-05-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1006UA.job - c:\users\Linda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-01 08:42] . 2015-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef76396945453.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27 11:17] . 2015-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27 11:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ BoxSyncFileLocked] @="{9a216f5d-3530-3b1a-8006-9a1233402fba}" [HKEY_CLASSES_ROOT\CLSID\{9a216f5d-3530-3b1a-8006-9a1233402fba}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ BoxSyncNotSynced] @="{4c3d7a5e-7476-3c21-9717-0614ce209c44}" [HKEY_CLASSES_ROOT\CLSID\{4c3d7a5e-7476-3c21-9717-0614ce209c44}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ BoxSyncProblem] @="{aa0bacc8-a5df-34b0-acd8-e6739d92010e}" [HKEY_CLASSES_ROOT\CLSID\{aa0bacc8-a5df-34b0-acd8-e6739d92010e}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ BoxSyncSynced] @="{0f20db5b-365d-3cc6-82eb-41207f77bb71}" [HKEY_CLASSES_ROOT\CLSID\{0f20db5b-365d-3cc6-82eb-41207f77bb71}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "c:\windows\system32\V0420Ext.ax"="c:\windows\system32\V0420Ext.ax" [X] "BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-11-13 5609176] . ------- Scansione supplementare ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = 00 mDefault_Search_URL = 00 mDefault_Page_URL = 00 mStart Page = 00 mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = 00 uInternet Settings,ProxyServer = 127.0.0.1:8118 IE: Aggiungere a AMV/AVI Video Converter... - c:\program files (x86)\Media Player Utilities 4.45\AMVConverter\grab.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: {{54E67346-EE5A-45B6-82AA-4F0BB28C79C2} - {54E67346-EE5A-45B6-82AA-4F0BB28C79C2} - FF - ProfilePath - c:\users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\x06m84j9.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: keyword.URL - hxxps://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=614363&p= FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 009438de000000000000001e8c6f16a6 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15907 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.511:11 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - it FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119357&tl=4-8873-8580-180000000891127442-1325557895-1372926731-1375518731&tsp=4950 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: 
extensions.Softonic.hpOld0 - FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00010/tb_v1?SearchSource=1&cc=&mi=009438de000000000000001e8c6f16a6&toi=16049&q= FF - user.js: extensions.Softonic.id - 009438de000000000000001e8c6f16a6 FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D} FF - user.js: extensions.Softonic.instlDay - 16049 FF - user.js: extensions.Softonic.vrsn - 1.8.28.14 FF - user.js: extensions.Softonic.vrsni - 1.8.28.14 FF - user.js: extensions.Softonic.vrsnTs - 1.8.28.1414:08 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - 2013desingbrand FF - user.js: extensions.Softonic.instlRef - MOY00010 FF - user.js: extensions.Softonic.dfltLng - it FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.ffxUnstlRst - false FF - user.js: extensions.Softonic.admin - false FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic.rvrt - false FF - user.js: extensions.Softonic.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00010/tb_v1?SearchSource=13&cc=&mi=009438de000000000000001e8c6f16a6&toi=16049 FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00010/tb_v1?SearchSource=2&cc=&mi=009438de000000000000001e8c6f16a6&toi=16049&q= FF - user.js: extensions.Softonic.dnsErr - true FF - user.js: extensions.Softonic.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00010/tb_v1/?SearchSource=15&cc=&mi=009438de000000000000001e8c6f16a6&toi=16049 FF - user.js: extensions.irmysearch.aflt - vit_14_18 FF - user.js: extensions.irmysearch.instlRef - vit_14_18 FF - 
user.js: extensions.irmysearch.cr - 1797477874 FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyC0FtCyC0AyCtAzz0D0EtN0D0Tzu0SzzyByCtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1Czu2X1L2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StCyByB0F0D0DzzyEtG0EyB0ByCtG0DtB0CyBtGtD0D0DtAtGtD0Bzy0AtByE0C0AyD0Ezy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtC0ByD0F0D0CzztGzytAyC0BtGtCzy0EtCtGzztAyDyBtGtA0EtA0B0F0DtA0FtCyByBzy2Q . - - - - CHIAVI ORFANE RIMOSSE - - - - . Wow6432Node-HKCU-Run-Search Protection - c:\users\Gianni\AppData\Roaming\Search Protection\SP.EXE Wow6432Node-HKLM-Run-fst_it_55 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Search Protection - c:\users\Gianni\AppData\Roaming\Search Protection\uninstall.exe . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias] @="" "0"="ActionsPane Schema for Add-Ins" . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe . ************************************************************************** . Ora fine scansione: 2015-05-04 14:44:23 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2015-05-04 12:44 . Pre-Run: 94.541.496.320 byte disponibili Post-Run: 99.973.988.352 byte disponibili . - - End Of File - - 72A85897219994C284D5A2C34A2AD1F6 A36C5E4F47E84449FF07ED3517B43A31
  3. Hello, my kids have filled my PC with so many viruses that I think it will take an exorcist to save it. Here is the log, but I should mention that halfway through the scan it gave me an error message. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:51:53, on 29/05/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17041) Boot mode: Normal Running processes: C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Users\Ciao\AppData\Local\pgcchelper\pgcchelper.exe C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe C:\Program Files\Lenovo\LVT\LJYZ.exe C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe C:\Windows\V0420Mon.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Ciao\Desktop\HiJackThis (1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://www.sweet-page.com/web/?type=ds&ts=1399431470&from=cor&uid=ST1000DM003-9YN162_S1D3CL10XXXXS1D3CL10&q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1401051391&from=cor&uid=ST1000DM003-9YN162_S1D3CL10XXXXS1D3CL10&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O4 - HKLM\..\Run: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1 O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program 
Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot O4 - HKLM\..\Run: [V0420Mon.exe] C:\windows\V0420Mon.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun O4 - HKLM\..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Ciao\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\Ciao\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [pgcchelper] C:\Users\Ciao\AppData\Local\pgcchelper\pgcchelper.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: I&nvia a OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: BrYNSvc - Brother Industries, Ltd. 
- C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: FastbootService - 1206 Lab - C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - 
C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10790 bytes
  4. Hello, I don't know whether this is a Win7 problem, but my PC keeps freezing, to the point that either I have to restart it or it restarts on its own. It happens when it goes into standby, or when I burn a DVD, or when I move large amounts of data (at least 2 GB) to a USB stick or external hard disk. What could be causing it? If I run scandisk, after a while the screen goes completely black and I have to restart again as if I had done nothing. It also happens if I change the external HD or the USB port. Happy 2013!!!
  5. Do I have to open up the PC? I'll try, but I wouldn't want to make things worse.
  6. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 05:12:52, on 19/12/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Users\Gianni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Windows\V0420Mon.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Public\Documents\AppData\PoApp\PService.exe C:\Program Files (x86)\Steam\Steam.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exe C:\Program Files (x86)\Steam\GameOverlayUI.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\Downloads\HijackThis.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows 
Live\Contacts\wlcomm.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: uTorrentBar_IT Toolbar - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: uTorrentBar_IT - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: uTorrentBar_IT Toolbar - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Gianni\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files (x86)\Error Repair Professional\autostart.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Gianni\AppData\Roaming\Octoshape\Octoshape Streaming 
Services\OctoshapeClient.exe" -inv:bootrun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41C21FC2-A23E-4D26-A6DE-FB5139732F86}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{41C21FC2-A23E-4D26-A6DE-FB5139732F86}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CS2\Services\Tcpip\..\{41C21FC2-A23E-4D26-A6DE-FB5139732F86}: NameServer = 176.31.229.24,176.31.229.25 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file 
missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - 
C:\Users\Gianni\AppData\Local\PosService\Pos.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Gianni\AppData\Local\ServUpdater\ServiceUpd.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Gianni\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: 
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12347 bytes
  7. The problem is that it freezes when I transfer large files to an external HD, or also while burning a disc. It always freezes and I have to restart it.
  8. All good for now. Warm thanks once again, stay around.
  9. I've finished; do I need to post something now?
  10. I'm doing it; in the meantime, thank you for the assistance.
  11. # AdwCleaner v2.101 - Logfile creato il 19/12/2012 alle 15:10:46 # Aggiornamento 16/12/2012 by Xplode # Sistema Operativo : Windows 7 Ultimate Service Pack 1 (64 bits) # Utente : Gianni - GIANNI-PC # Modalità Avvio : Modalità Normale # Eseguito da : C:\Users\Gianni\Downloads\adwcleaner.exe # Opzioni [Elimina] ***** [servizi] ***** ***** [File / Cartelle] ***** Cartella Eliminato : C:\Program Files (x86)\Conduit Cartella Eliminato : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Cartella Eliminato : C:\Program Files (x86)\uTorrentBar_IT Cartella Eliminato : C:\ProgramData\Babylon Cartella Eliminato : C:\Users\Gianni\AppData\Local\Conduit Cartella Eliminato : C:\Users\Gianni\AppData\LocalLow\Conduit Cartella Eliminato : C:\Users\Gianni\AppData\LocalLow\uTorrentBar_IT Cartella Eliminato : C:\Users\Gianni\AppData\Roaming\Babylon Cartella Eliminato : C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\x06m84j9.default\ConduitCommon Cartella Eliminato : C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\x06m84j9.default\CT2851640 Cartella Eliminato : C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\x06m84j9.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} Cartella Eliminato : C:\Users\Gianni\AppData\Roaming\OpenCandy File Eliminato : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml File Eliminato : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Eliminato : C:\user.js File Eliminato : C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\cfl6pfir.default-1343600262549\searchplugins\browsemngr.xml ***** [Registro] ***** Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit Chiave Eliminata : HKCU\Software\AppDataLow\Software\Crossrider Chiave Eliminata : HKCU\Software\AppDataLow\Software\SmartBar Chiave Eliminata : HKCU\Software\AppDataLow\Software\uTorrentBar_IT Chiave Eliminata : HKCU\Software\AppDataLow\Toolbar Chiave Eliminata : HKCU\Software\Conduit 
Chiave Eliminata : HKCU\Software\Cr_Installer Chiave Eliminata : HKCU\Software\DataMngr Chiave Eliminata : HKCU\Software\DataMngr_Toolbar Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} Chiave Eliminata : HKCU\Software\Softonic Chiave Eliminata : HKCU\Software\SweetIM Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Chiave Eliminata : HKLM\Software\Babylon Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2851640 Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Chiave Eliminata : HKLM\Software\Conduit Chiave Eliminata : HKLM\Software\DataMngr Chiave Eliminata : HKLM\Software\Iminent Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{854145C6-B95A-408D-BE86-367DC393A219} Chiave Eliminata : 
HKLM\Software\SweetIM Chiave Eliminata : HKLM\Software\uTorrentBar_IT Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{854145C6-B95A-408D-BE86-367DC393A219} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EDC4984-32D3-4FE1-B0B9-9261CBEB111F} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E3B1241-7F57-46F7-9D95-0AF0676BC349} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_IT Toolbar Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Valore Eliminata : 
HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}] Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}] Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}] ***** [browser Internet] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registro Pulito. -\\ Mozilla Firefox v17.0.1 (it) Nome Profilo : default File : C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\x06m84j9.default\prefs.js C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\x06m84j9.default\user.js ... Eliminato ! Eliminata : user_pref("CT2851640..clientLogIsEnabled", false); Eliminata : user_pref("CT2851640..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Eliminata : user_pref("CT2851640..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Eliminata : user_pref("CT2851640.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Eliminata : user_pref("CT2851640.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Eliminata : user_pref("CT2851640.AppTrackingLastCheckTime", "Wed May 23 2012 08:14:38 GMT+0200 (ora legale Europ[...] Eliminata : user_pref("CT2851640.CTID", "CT2851640"); Eliminata : user_pref("CT2851640.CurrentServerDate", "29-7-2012"); Eliminata : user_pref("CT2851640.DSInstall", false); Eliminata : user_pref("CT2851640.DialogsAlignMode", "LTR"); Eliminata : user_pref("CT2851640.DialogsGetterLastCheckTime", "Fri Jul 27 2012 14:23:22 GMT+0200 (ora legale Eur[...] 
Eliminata : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109217&tt=3012_[...] Eliminata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Eliminata : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Eliminata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.118:41:18"); Nome Profilo : default-1343600262549 [Profil par défaut] File : C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\cfl6pfir.default-1343600262549\prefs.js C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\cfl6pfir.default-1343600262549\user.js ... Eliminato ! Eliminata : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Eliminata : user_pref("extensions.BabylonToolbar.admin", false); Eliminata : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Eliminata : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); Eliminata : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Eliminata : user_pref("extensions.BabylonToolbar.excTlbr", false); Eliminata : user_pref("extensions.BabylonToolbar.id", "009438de000000000000001e8c6f16a6"); Eliminata : user_pref("extensions.BabylonToolbar.instlDay", "15656"); Eliminata : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Eliminata : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Eliminata : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Eliminata : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Eliminata : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...] Eliminata : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); Eliminata : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); Eliminata : user_pref("extensions.BabylonToolbar_i.newTab", true); Eliminata : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=117223&tt=4612_[...] 
Eliminata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Eliminata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:12:25"); -\\ Google Chrome v23.0.1271.97 File : C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File Pulito. ************************* AdwCleaner[s1].txt - [27149 octets] - [19/12/2012 15:10:46] ########## EOF - C:\AdwCleaner[s1].txt - [27210 octets] ##########
  12. All processes killed ========== OTL ========== No active process named PService.exe was found! Service SoftwareUpd stopped successfully! Service SoftwareUpd deleted successfully! C:\Users\Gianni\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe moved successfully. Service PowerOffer Service stopped successfully! Service PowerOffer Service deleted successfully! C:\Users\Gianni\AppData\Local\PosService\Pos.exe moved successfully. Service ServUpdater stopped successfully! Service ServUpdater deleted successfully! C:\Users\Gianni\AppData\Local\ServUpdater\ServiceUpd.exe moved successfully. Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41C21FC2-A23E-4D26-A6DE-FB5139732F86}\\NameServer| /E : value set successfully! HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\\NameServer| /E : value set successfully! ADS C:\ProgramData\TEMP:5E73E1C2 deleted successfully. ADS C:\ProgramData\TEMP:363E775E deleted successfully. ========== FILES ========== C:\Users\Gianni\AppData\Local\PosService\settings folder moved successfully. C:\Users\Gianni\AppData\Local\PosService folder moved successfully. C:\Users\Gianni\AppData\Local\PowerOffer folder moved successfully. C:\Users\Gianni\AppData\Local\ServUpdater\settings folder moved successfully. C:\Users\Gianni\AppData\Local\ServUpdater folder moved successfully. C:\Users\Gianni\AppData\Local\SoftwareUpdater\settings folder moved successfully. C:\Users\Gianni\AppData\Local\SoftwareUpdater folder moved successfully. C:\Users\Gianni\AppData\Local\unins000.exe moved successfully. C:\Users\Gianni\AppData\Local\unins000.dat moved successfully. < ipconfig /flushdns /c > Configurazione IP di Windows Cache del resolver DNS svuotata. C:\Users\Gianni\Downloads\cmd.bat deleted successfully. C:\Users\Gianni\Downloads\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gianni ->Temp folder emptied: 2108364378 bytes ->Temporary Internet Files folder emptied: 184794202 bytes ->Java cache emptied: 2232146 bytes ->FireFox cache emptied: 141718029 bytes ->Google Chrome cache emptied: 184533758 bytes ->Flash cache emptied: 550 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 259344486 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67740 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2.748,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12192012_150011 Files\Folders moved on Reboot... C:\Users\Gianni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Gianni\AppData\Local\Temp\~DF629A8C8969F70140.TMP not found! File\Folder C:\Users\Gianni\AppData\Local\Temp\~DFD67D22B67C1A885F.TMP not found! File\Folder C:\Users\Gianni\AppData\Local\Temp\~PIE7C7.tmp not found! File\Folder C:\Users\Gianni\AppData\Local\Temp\~PIE7C8.tmp not found! File\Folder C:\Users\Gianni\AppData\Local\Temp\~PIE8A5.tmp not found! PendingFileRenameOperations files... Registry entries deleted on Reboot...
  13. OTL Extras logfile created on: 19/12/2012 13:40:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gianni\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 20,96% Memory free 8,00 Gb Paging File | 2,37 Gb Available in Paging File | 29,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 95,80 Gb Free Space | 49,05% Space Free | Partition Type: NTFS Drive D: | 736,20 Gb Total Space | 425,08 Gb Free Space | 57,74% Space Free | Partition Type: NTFS Computer Name: GIANNI-PC | User Name: Gianni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0803AE82-1903-4953-93F0-88EE466CF7CF}" = rport=139 | protocol=6 | dir=out | app=system | "{187326E0-9CCE-4490-A626-B5943E907322}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1936D248-76E6-4509-A10B-9C4C221EB8CD}" = lport=138 | protocol=17 | dir=in | app=system | "{1F0AF96C-EAC2-435A-8A1D-4C68716D2901}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{28998700-32D9-4C5E-B8C6-1C3C1BDB2F7D}" = lport=2869 | protocol=6 | dir=in | app=system | "{2F0A8AC2-0570-4A36-9450-1E60259F9631}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2F58ECC2-DD95-48F7-99B8-B7E1A38B5421}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{39748C2F-D4D5-4252-B639-FDADF9FFA9A8}" = lport=139 | protocol=6 | dir=in | app=system | "{3A6F9CB6-DC80-4463-8727-7DAE07485520}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45B8842F-5D3C-4400-87D9-A4286A4FFC75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4A459D3E-97AE-41D4-B3A6-A7372FE63F41}" = rport=138 | protocol=17 | dir=out | app=system | "{5ED6A917-52BD-4FE4-B276-1D48B4513B7D}" = rport=10243 | protocol=6 | dir=out | app=system | "{652CF442-A9BE-4C71-A72B-F66E18BB19AE}" = rport=445 | protocol=6 | dir=out | app=system | "{656C6209-609A-47E0-8F7E-A94C290CBCA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{802EBE90-CD51-4147-B2CF-890109024209}" = lport=10243 | protocol=6 | dir=in | app=system | "{80D2480B-F15E-4C09-B4A5-077A9629A7E2}" = lport=137 | protocol=17 | dir=in | app=system | "{907EB076-FF44-4089-B958-2E1F4F3CDF3C}" = lport=445 | protocol=6 | dir=in | app=system | "{95C79019-8F13-44E5-82C8-C01B0B4220EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A4F40691-1679-470D-8923-9C545F7EA7EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B19CA567-BE0A-469E-BD17-BD1D197C38BE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CED48894-C05D-4170-9DDD-4565E902534A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{D316B413-EDC9-4AAE-A5B7-4D4DF82796C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EAE2BE10-432F-4A66-B548-CAC4100F4770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe 
| "{ED7F9B8C-21DD-4331-BA9A-36E917050364}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F2E3826D-B444-48A5-8D53-BCAEF1ED4B98}" = rport=137 | protocol=17 | dir=out | app=system | "{FB900B20-573D-44DF-8291-5D64478969F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0142AF90-C16A-4BD1-9D2A-C0153B723A6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{05AD542F-F65F-4051-958B-D5C3825D313F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{08228FA9-F960-496E-89D4-B405F72D7FBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{12D51294-26E1-4FAF-A44D-7E76F14050D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1B9D90C2-1729-46E4-89EF-B04435609E95}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1FC2EAAE-731A-4E6F-ABF0-056981B4A0AC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{23CDD1A9-B6F6-45E9-9B34-9A8FAE5472D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe | "{263DC768-9906-4751-BC49-9B46AA9839F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{26729BF7-DA8B-42D7-99A6-5ABA2AACEE00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 resource archiver\resource archiver.exe | "{2A7EE6D8-7ACD-4D56-8C19-0E13F78FE793}" = protocol=6 | dir=out | app=system | "{2B5626AA-09BD-4592-8EF4-7C084706158F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2BB117DF-665D-4D3F-9088-F15548BE0107}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3106D60D-D135-42E8-8624-1173FA553526}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{382E8C93-221D-4C64-A11B-086E5793B745}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3E52E13F-D4E9-4344-A5AC-999AA833C52B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{3F578A10-2D4C-4951-9147-B7FB7C24C846}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe | "{3FAD5162-273E-428E-8B7B-0699413E3B46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 resource archiver\resource archiver.exe | "{4906EA1C-C62C-46CA-B53D-1CEDBE6B6554}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{555FB3AC-F6E1-48FD-A1D6-104454B796EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{592BFE74-229B-47DF-A175-D84CD978865B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5B01FBBE-66B6-44AF-AF97-7CB00F15E644}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{651EFC58-36D5-488B-91BF-7B5ACDF9DD20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{66C35BA0-3624-44F0-9228-D0436F76101C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 editor\editor.exe | "{700ED68A-3A58-4224-8E0C-0CC061796486}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7EF9918D-C6B9-4BBE-A75A-FFD20EA800F0}" = dir=in | app=c:\users\gianni\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{7FF7713C-E346-43FB-AEF2-1BA030D35AEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{84EEF122-6915-4C5B-B4A8-0D552A612A4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8EC7146C-EBD6-4F89-88CE-38D8D7B5EC3E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application 
support\webkit2webprocess.exe | "{AD92F434-0D9D-4EA1-B55C-CE376B5307E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C12224E6-6932-4C03-91F4-0345ED426B99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C48BCC3D-BD19-4499-A16B-B5BFA8314B29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 editor\editor.exe | "{CF081CA9-D75B-4D9E-8AEF-305FDD463548}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe | "{D2B84192-83E4-40DE-9E86-531034E7D123}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe | "{F8FD076A-2038-46F6-B337-DC63F0DAF5EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FA764038-B1E0-455A-9FC7-80A975B82B30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{13D99FDD-E507-4227-B8D9-2D949FD17389}C:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe | "TCP Query User{21285A39-92F4-463F-A513-DE623C2A01D6}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe | "TCP Query User{272AC4C2-8868-4770-8EAF-AC00AFB8FC66}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "TCP Query User{276DF23F-7014-4A27-9A52-894207646B7E}D: mnationsforever mforever.exe" = protocol=6 | dir=in | app=d: mnationsforever mforever.exe | "TCP Query User{2E1AE588-CEDD-414A-A6C6-C2E7194BC017}D:\fifa13\game\game\fifa13.exe" = protocol=6 | dir=in | app=d:\fifa13\game\game\fifa13.exe | "TCP Query User{3CF66FF0-2BCA-4688-9F70-51B2FBA1BE4D}D:\ea sport\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\ea sport\fifa 12\game\fifa.exe 
| "TCP Query User{4FE4F985-0657-49FD-B21A-77F3E9CEF101}D: mnationsforever mforever.exe" = protocol=6 | dir=in | app=d: mnationsforever mforever.exe | "TCP Query User{A978FB32-A665-4441-9704-8A5CF0BBE1D1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{CA8DC527-B577-4DE7-B9FF-21357B35D93C}C:\users\gianni\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\gianni\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{E0260065-7735-45A2-926C-5D772FAD4DE9}C:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe | "UDP Query User{05620D2E-FEF5-4909-AF57-A84AF80B6DA3}D:\fifa13\game\game\fifa13.exe" = protocol=17 | dir=in | app=d:\fifa13\game\game\fifa13.exe | "UDP Query User{374E5F1F-6E50-4C16-ACE2-D239D367DF42}C:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe | "UDP Query User{3CE44F98-EB83-4516-B41D-24239F9D0D66}D: mnationsforever mforever.exe" = protocol=17 | dir=in | app=d: mnationsforever mforever.exe | "UDP Query User{49E1CE12-F2BB-493A-BCDF-42AAAC543074}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "UDP Query User{5AE796F9-E889-46C2-A9A8-A90627EB92F6}C:\users\gianni\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\gianni\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{687D5421-9790-4923-8114-A99B93BFF414}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe 
| "UDP Query User{869817CD-687A-4736-9AA1-4143EF5D4DAA}D: mnationsforever mforever.exe" = protocol=17 | dir=in | app=d: mnationsforever mforever.exe | "UDP Query User{A0E02C3F-DEE0-4F79-8DA1-A13E31AF602E}C:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe | "UDP Query User{A1224D47-03B2-4C32-9A96-255C95E26591}D:\ea sport\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\ea sport\fifa 12\game\fifa.exe | "UDP Query User{FDD2AD1B-CE74-4400-9A9B-D4DA2A7E2A41}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0 "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center 
InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Supporto applicazioni Apple "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Parser MSXML 4.0 SP2 e SDK "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{7F92FF5F-C7EA-40BA-9481-02B6B4479C93}" = calibre "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010 "{90140000-0015-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010 "{90140000-0016-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2010 "{90140000-0017-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{71D73EA6-F837-4368-B9D2-10D0D112ED74}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010 "{90140000-0018-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010 "{90140000-0019-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010 "{90140000-001A-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010 "{90140000-001B-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.it-it_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.it-it_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.it-it_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0410-1000-0000000FF1CE}_Office14.OMUI.it-it_{6664EABC-4985-4C45-925C-6E23AB142266}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010 "{90140000-002C-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2010 "{90140000-0044-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010 "{90140000-006E-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010 "{90140000-00A1-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0410-0000-0000000FF1CE}" = Microsoft 
Office Groove MUI (Italian) 2010 "{90140000-00BA-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2010 "{90140000-0100-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{2C8C6BB6-81E2-407E-9780-FD04147198ED}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2010 "{90140000-0101-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{645C632B-EE9F-43B0-87E1-2546E9232C7F}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Italiano "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = 
Windows Movie Maker 2.6 "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode versione 3.1.1.8 "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "1ClickDownload" = 1ClickDownloader "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BFGC" = Big Fish Games: Game Manager "BFG-Grim Tales - La sposa" = Grim Tales: La sposa 
"BFG-Grim Tales - Maledizione di famiglia" = Grim Tales: Maledizione di famiglia "Freemake Video Converter_is1" = Freemake Video Converter versione 3.1.2 "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "Mozilla Firefox 17.0.1 (x86 it)" = Mozilla Firefox 17.0.1 (x86 it) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.OMUI.it-it" = Microsoft Office Language Pack 2010 - Italian/Italiano "Office14.STANDARD" = Microsoft Office Standard 2010 "PowerISO" = PowerISO "RealPlayer 15.0" = RealPlayer "Steam App 207890" = Football Manager 2013 "Steam App 220600" = Football Manager 2013 Editor "Steam App 220620" = Football Manager 2013 Resource Archiver "uTorrent" = µTorrent "uTorrentBar_IT Toolbar" = uTorrentBar_IT Toolbar "VirtualCloneDrive" = VirtualCloneDrive "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.10 (32-bit) "XP Codec Pack" = XP Codec Pack ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1539135573-1650222560-1094068503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Octoshape Streaming Services" = Octoshape Streaming Services "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19/07/2012 04:51:15 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 19/07/2012 07:19:05 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 19/07/2012 07:58:56 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 19/07/2012 11:57:28 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 02:42:05 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 04:31:08 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 05:14:45 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 
07:54:14 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 10:12:14 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 11:16:58 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 10/06/2012 01:42:21 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 07:42:21 - Errore di connessione a Internet. 07:42:21 - Impossibile contattare il server.. Error - 10/06/2012 01:42:30 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 07:42:26 - Errore di connessione a Internet. 07:42:26 - Impossibile contattare il server.. Error - 04/07/2012 02:29:21 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 08:29:21 - Errore di connessione a Internet. 08:29:21 - Impossibile contattare il server.. Error - 04/07/2012 02:29:31 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 08:29:26 - Errore di connessione a Internet. 08:29:26 - Impossibile contattare il server.. Error - 19/07/2012 03:05:22 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 09:05:22 - Errore di connessione a Internet. 09:05:22 - Impossibile contattare il server.. [ System Events ] Error - 18/12/2012 11:29:59 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7026 Description = All'avvio non è stato possibile caricare i seguenti driver: ArcSec Error - 18/12/2012 14:38:41 | Computer Name = Gianni-PC | Source = Microsoft-Windows-Diagnostics-Networking | ID = 5300 Description = Framework di diagnostica di rete: impossibile completare la fase di ripristino dell'operazione. Errore. È stata generata una segnalazione errore di Windows. 
[2147942487] Error - 19/12/2012 00:01:39 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7000 Description = Il servizio SPCA1528 Video Camera Service non è stato avviato per il seguente errore: %%2 Error - 19/12/2012 00:03:15 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Pos Service bloccato in partenza. Error - 19/12/2012 00:03:15 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Serv Updater bloccato in partenza. Error - 19/12/2012 00:03:15 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7026 Description = All'avvio non è stato possibile caricare i seguenti driver: ArcSec Error - 19/12/2012 03:05:01 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7000 Description = Il servizio SPCA1528 Video Camera Service non è stato avviato per il seguente errore: %%2 Error - 19/12/2012 03:06:36 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Pos Service bloccato in partenza. Error - 19/12/2012 03:06:36 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Serv Updater bloccato in partenza. Error - 19/12/2012 03:06:36 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7026 Description = All'avvio non è stato possibile caricare i seguenti driver: ArcSec < End of report >
  14. OTL logfile created on: 19/12/2012 13:40:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gianni\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 20,96% Memory free 8,00 Gb Paging File | 2,37 Gb Available in Paging File | 29,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 95,80 Gb Free Space | 49,05% Space Free | Partition Type: NTFS Drive D: | 736,20 Gb Total Space | 425,08 Gb Free Space | 57,74% Space Free | Partition Type: NTFS Computer Name: GIANNI-PC | User Name: Gianni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\Gianni\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exe (Sports Interactive) PRC - C:\Program Files (x86)\Steam\GameOverlayUI.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Public\Documents\AppData\PoApp\PService.exe (PService) PRC - C:\Users\Gianni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) PRC - C:\Windows\V0420Mon.exe (Creative Technology Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll () MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll () MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll () MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll () MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll () MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll () MOD - C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\IntelLaptopGamingVista.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SoftwareUpd) -- 
C:\Users\Gianni\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (PowerOffer Service) -- C:\Users\Gianni\AppData\Local\PosService\Pos.exe (PowerOfferService) SRV - (ServUpdater) -- C:\Users\Gianni\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd) SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 33 EB E6 30 DC CC 01 [binary data] IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r= IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=117223&tt=4612_5&babsrc=SP_ss&mntrId=009438de000000000000001e8c6f16a6 IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3FB49B8C-2FCC-44F5-AA97-A17D3A8AF311}&mid=2a05b754417347d19945d157ca8bff55-5a4473c1cc9e44870379b5564e7119bd1325dc1d&lang=en&ds=ir011&pr=sa&d=2012-02-04 21:44:17&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "http://www.google.it/" FF - 
prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6 FF - prefs.js..extensions.enabledAddons: fmconverter%40gmail.com:1.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Gianni\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gianni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gianni\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gianni\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gianni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/15 15:42:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/11/28 08:43:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/09 14:57:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/09 14:56:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/09 14:57:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/09 14:56:57 | 000,000,000 | ---D | M] [2012/01/26 15:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianni\AppData\Roaming\mozilla\Extensions [2012/07/26 17:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions [2012/10/23 16:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\cfl6pfir.default-1343600262549\extensions [2012/10/07 08:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\x06m84j9.default\extensions [2012/07/17 15:53:03 | 000,000,000 | ---D | M] (uTorrentBar_IT Community Toolbar) -- 
C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\x06m84j9.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} [2012/07/26 17:40:47 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\x06m84j9.default\extensions\OneClickDownload@OneClickDownload.com [2012/10/07 08:13:32 | 000,002,547 | ---- | M] () -- C:\Users\Gianni\AppData\Roaming\mozilla\firefox\profiles\cfl6pfir.default-1343600262549\searchplugins\browsemngr.xml [2012/12/09 14:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/12/09 14:57:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012/12/09 14:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com [2012/11/28 08:43:37 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX [2012/08/15 15:42:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012/12/09 14:57:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2012/07/27 21:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012/08/15 15:42:38 | 000,150,736 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012/08/15 15:42:54 | 000,011,776 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012/08/15 15:42:31 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012/12/09 14:56:59 | 000,001,606 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml [2012/02/04 21:44:13 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/11/12 18:12:04 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/08/30 18:41:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/12/09 14:56:59 | 000,000,957 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml [2012/08/30 18:41:12 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2012/12/09 14:56:59 | 000,001,030 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml [2012/12/09 14:56:59 | 000,001,395 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml [2012/12/09 14:56:59 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml ========== Chrome ========== CHR - homepage: https://www.google.it/webhp?hl=it&tab=ww CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: https://www.google.it/webhp?hl=it&tab=ww CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client 
(Enabled) = C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: 
Unity Player (Enabled) = C:\Users\Gianni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Gianni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Ricerca Google = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Freemake Video Converter = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Gmail = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: OneClickDownload = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.2_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (uTorrentBar_IT Toolbar) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll (Conduit Ltd.) 
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Guida per l'accesso a Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (uTorrentBar_IT Toolbar) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000..\Run: [ErrorRepairPro] C:\Program Files (x86)\Error Repair Professional\autostart.exe File not found O4 - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000..\Run: [Facebook Update] C:\Users\Gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000..\Run: [Google Update] C:\Users\Gianni\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000..\Run: [Octoshape Streaming Services] C:\Users\Gianni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKU\S-1-5-21-1539135573-1650222560-1094068503-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. 
File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C21FC2-A23E-4D26-A6DE-FB5139732F86}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C21FC2-A23E-4D26-A6DE-FB5139732F86}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll 
(Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - 
Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012/12/19 06:58:08 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{89177569-C3B4-46CA-BF5D-490D2E5297AE} [2012/12/18 18:57:41 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2E70FD3D-D3DA-4703-BF41-07286621B60B} [2012/12/18 06:18:16 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{BC5B1F3C-B055-43A6-9844-BBCB70E6562A} [2012/12/17 18:17:50 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{DBED45C9-645A-45C1-9813-E4C0853EF0E7} [2012/12/17 06:16:05 | 000,000,000 | ---D | C] -- 
C:\Users\Gianni\AppData\Local\{22DAE3C0-273A-45F0-9DD1-BA68AD679E59} [2012/12/16 11:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/12/16 11:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/12/16 11:04:35 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/12/16 11:04:34 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/12/16 11:04:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/12/16 11:04:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/12/16 11:04:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/12/16 11:04:22 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/12/16 11:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/12/16 08:13:38 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2992A1C1-0C36-42E1-8F8F-91C25150C1AA} [2012/12/15 13:46:58 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\Programs [2012/12/15 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\ArcSoft [2012/12/15 13:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft [2012/12/15 13:45:24 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL [2012/12/15 13:39:55 | 040,384,592 | ---- | C] (ArcSoft ) -- C:\Users\Gianni\Desktop\photostudio6_retail_tbyb_all-6.0.0.157.exe [2012/12/15 13:27:23 | 000,000,000 | ---D | C] -- C:\Users\Gianni\Documents\ArcSoft [2012/12/15 13:27:17 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\ArcSoft [2012/12/15 13:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft [2012/12/15 09:23:10 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{CA502B37-CBEF-46B2-A309-BACF71E7C691} [2012/12/14 10:15:06 | 000,000,000 | ---D | C] -- 
C:\Users\Gianni\AppData\Local\{6EA8E82D-1E14-4D2F-B73C-C28969C5D91A} [2012/12/13 09:55:25 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{1614D51D-C122-4881-A540-38D8C843D6E9} [2012/12/12 10:22:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/12 10:22:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/12 10:22:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/12 10:22:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/12 10:22:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/12 10:22:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/12 09:00:26 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{C67B3B50-2165-40F3-BD64-E493F655FF64} [2012/12/12 06:13:04 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/12 06:13:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/12 06:12:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/12 06:12:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/12 06:12:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/12 06:12:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/12 06:12:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/12 06:12:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 06:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 06:12:57 | 000,006,144 | -H-- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/12 06:12:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/12 06:12:17 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/11 21:00:00 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{9343CD7B-4831-4C37-8B1B-D44CF175A6E3} [2012/12/11 12:11:26 | 000,000,000 | ---D | C] -- C:\Users\Gianni\Documents\Glenn Cooper - 06 - Il Tempo Della Verita [2012/12/11 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{5CABCFD2-52A6-4F87-932F-BA54C781EEC0} [2012/12/10 20:59:09 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{978B2FAA-A974-4C1C-BB4C-17C2F57F441A} [2012/12/10 06:28:01 | 000,000,000 | ---D | C] -- 
C:\Users\Gianni\AppData\Local\{D8FA9B7F-03FD-4D79-9F4A-ECD79FE85DAE} [2012/12/09 14:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/12/09 09:01:19 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{56B23AC3-9F0B-41FC-A9D9-FE02E551E61B} [2012/12/08 10:43:50 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{D1D6B951-5E7A-424C-809D-E14A9BB047EB} [2012/12/08 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{EAF54CC2-781B-410F-B38B-6D849AF25DAD} [2012/12/07 09:50:34 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{39A1F395-A145-4460-931A-D50DA8C3D2DC} [2012/12/07 09:15:59 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{6CF0F7A9-2D78-46A5-821B-CFDEA2189037} [2012/12/07 09:12:36 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{DA639BFA-A3B2-4C79-A7FF-E39CC7B178AD} [2012/12/06 08:16:16 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{E13AB49C-BBF1-4A3B-BBC0-33F4985E139F} [2012/12/05 06:13:50 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{0065A979-1F36-4329-9F71-14848AD9934F} [2012/12/04 10:54:08 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{BE99D386-F7B1-4FF0-BC0B-43B873527144} [2012/12/03 22:25:21 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{B614235A-AB74-4F7C-A565-E882C38F6A62} [2012/12/03 08:33:27 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{A28D7D81-FF1B-4785-B1C0-6D1C38C29C49} [2012/12/02 09:59:27 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{FE819DD6-9B81-41A6-B7AC-E95D13E38364} [2012/12/01 08:10:16 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{EC780C51-F3A5-44CE-8C60-30E6AE575427} [2012/11/30 08:06:02 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{AA46CE54-1463-41E4-B100-B259BEE36F75} [2012/11/29 08:32:45 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2FEA18B9-F579-452C-9EB3-09CB4CA51BC6} [2012/11/28 18:07:21 | 000,000,000 | ---D | C] -- 
C:\Users\Gianni\AppData\Local\{4834BF15-6407-48B4-A71A-6E60BC526285} [2012/11/28 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\ServUpdater [2012/11/28 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\PowerOffer [2012/11/28 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\PosService [2012/11/28 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AppData [2012/11/28 08:43:59 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634896890393452430 [2012/11/28 08:43:51 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\SoftwareUpdater [2012/11/28 08:43:29 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\OpenCandy [2012/11/28 06:06:56 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{E5AB336A-8C6C-4987-A21F-8EC3F7B57377} [2012/11/27 18:06:30 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{3E998279-6FDB-4B4C-8135-DF10230ED7AD} [2012/11/27 05:54:26 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2486DC21-467D-45BA-8657-0238203CC7F6} [2012/11/26 17:54:01 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{C5B331C6-75FF-48F9-A8E1-7A19F773EBB0} [2012/11/26 05:53:31 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{D05C9F4A-9EB5-4279-8C26-89AFC3A67050} [2012/11/25 08:10:14 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{112EBB04-DD78-4EFD-97AE-2D003A25F8FB} [2012/11/24 11:29:38 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{503AB96C-4A59-4055-94B0-B5C964C96A94} [2012/11/23 09:31:13 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{E476C886-EE94-4FCB-9FA7-318C52B144E2} [2012/11/22 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{53BEF999-5D58-4ED5-9C2C-2C1A1B9AE8F3} [2012/11/21 06:24:37 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{B34689F5-B901-44D6-A104-FCF4FAF08183} [2012/11/20 18:24:12 | 000,000,000 | ---D | C] -- 
C:\Users\Gianni\AppData\Local\{B1C68386-1B41-409E-BDDE-12014CC2E805} [2012/11/20 05:09:42 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{0054C625-47C5-41AC-BF21-42C73FC346D2} [2012/11/19 17:36:06 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634889433667273825 [2012/11/19 16:42:26 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{8DA09B06-99DB-4769-A736-326BF3F77336} [2012/11/19 04:45:44 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634888971440370213 [2012/11/19 04:41:47 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{CF5E7291-5EFF-4B74-A83B-048FBC1FED23} [2012/11/18 10:24:58 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634888310988533612 [2012/11/18 09:58:29 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634888295090664306 [2012/11/18 09:55:57 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634888293571977442 [2012/11/18 09:50:48 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634888290483310780 [2012/11/18 09:37:45 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{CD415BCC-C441-4EF3-841F-E941927831D5} [2012/11/18 09:20:27 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{684BFD35-78A9-42FC-93CF-A3526D40E8B6} [2012/11/17 09:49:37 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2CAB7F56-0292-4649-BC57-2F677184338C} [2012/11/16 09:13:19 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/16 09:13:15 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/16 09:13:15 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/16 09:13:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/16 
09:03:00 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/16 07:51:27 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{5828666D-0DDB-4681-8FFC-4EB212BE66BC} [2012/11/15 09:24:19 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{E1822C00-B0CA-40A2-91EA-340C7B8BBBD8} [2012/11/14 06:40:39 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{3DFBF59D-723E-491F-BB9D-7CFC9ACF6DFB} [2012/11/13 17:07:04 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{742BF4CB-29F3-4DEE-87FB-78FD11C7E6A1} [2012/11/13 05:06:39 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{335E16F1-172C-4580-948C-3E8805EAB2B7} [2012/11/12 20:59:57 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634883507978981835 [2012/11/12 20:40:29 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder [2012/11/12 20:28:23 | 000,000,000 | ---D | C] -- C:\Users\Gianni\Documents\Freemake [2012/11/12 20:28:22 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [2012/11/12 20:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake [2012/11/12 20:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2012/11/12 20:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake [2012/11/12 18:11:33 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\Babylon [2012/11/12 09:15:15 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{98D865DE-7079-4DD5-BC96-A97DB215CA1B} [2012/11/11 21:14:49 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{E035BE31-F071-4E7B-AC8B-4A654CFC4E7F} [2012/11/11 10:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012/11/11 10:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012/11/11 10:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Catalyst Control Center [2012/11/11 09:14:20 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{428C8EAD-7AA5-4F7A-8D7D-7668673B1052} [2012/11/10 20:05:45 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{A6DE7F0B-3618-407B-965E-A9C72A0FEB62} [2012/11/10 15:44:09 | 000,811,008 | ---- | C] (Pizzolato Davide - www.xdp.it) -- C:\Windows\SysWow64\cximage.dll [2012/11/10 15:44:09 | 000,282,624 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\V0420Cvw.crl [2012/11/10 15:44:09 | 000,278,528 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\V0420Cvw.dll [2012/11/10 15:44:09 | 000,108,032 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\CtDrvIns.exe [2012/11/10 15:44:09 | 000,098,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\V0420Ext.ax [2012/11/10 15:44:09 | 000,061,440 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\V0420Ext.crl [2012/11/10 15:44:09 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\CtCamMgr.dll [2012/11/10 15:44:09 | 000,000,000 | ---D | C] -- C:\Live! 
Cam [2012/11/10 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Gianni\Documents\File ricevuti [2012/11/10 14:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode [2012/11/10 14:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode [2012/11/10 14:38:41 | 000,000,000 | ---D | C] -- C:\Users\Gianni\Documents\FIFA 13 [2012/11/10 08:05:18 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{A1AB5F5F-2E7F-4FA6-B23F-99718B150561} [2012/11/09 20:04:51 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{36397C6D-56FA-456A-A61C-089D08C029D9} [2012/11/09 08:04:25 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{F96B9D06-4AF8-4114-BBAB-EF7F9095EFE9} [2012/11/08 20:04:00 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{C4B5296A-3364-4341-B510-E31EBBD84FDA} [2012/11/08 09:47:11 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\FMRTE13 [2012/11/08 09:45:24 | 000,000,000 | ---D | C] -- C:\BraCa Soft [2012/11/08 07:36:08 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{B2D2D1BC-F79B-46B3-A9F8-7F8B2DC803BE} [2012/11/07 07:53:31 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{42A4ABAA-15C2-4188-A034-27DD0D3152E9} [2012/11/06 20:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012/11/06 20:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012/11/06 07:52:48 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{6D6082AA-07A9-49F8-B54A-7AB7A4121C00} [2012/11/05 19:28:01 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{35782295-0A4F-47DE-945A-24BCCBCCF92C} [2012/11/05 11:29:53 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012/11/05 11:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/11/05 11:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam 
[2012/11/05 07:41:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive [2012/11/05 07:41:30 | 000,000,000 | ---D | C] -- C:\Users\Gianni\Documents\Sports Interactive [2012/11/05 07:27:36 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{37C494F9-4DF4-4652-9202-AE8502FC9C58} [2012/11/04 07:28:12 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{618A3D34-4207-42E1-BB21-A36D5C092869} [2012/11/03 10:37:04 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{D314CF97-FC79-416D-A45B-41CA8D9CF729} [2012/11/02 11:28:22 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2F7C09ED-A468-488C-BAD6-95154E616A50} [2012/11/02 08:46:57 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{39E84469-E556-4090-8083-C75D1AB82E68} [2012/11/01 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{BB14918D-F547-4DE8-A46A-0A7EC9C498D3} [2012/11/01 10:47:50 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{4EE6B47E-1DFC-4296-8652-BF2130CAD51F} [2012/10/31 08:57:34 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{6D841192-2E47-4886-8BFB-18D915E0769A} [2012/10/30 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\Chromium [2012/10/30 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\Sports Interactive [2012/10/30 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\Sports Interactive [2012/10/30 12:09:33 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{17CE8207-D9A2-4DB2-AF3E-ACF9EFD3D3B6} [2012/10/29 22:54:47 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{B3717CED-D065-46CD-94AA-CC30F0692974} [2012/10/29 17:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012/10/29 09:48:49 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{68D3B81C-2E85-4379-9FC6-2125863F464E} [2012/10/29 09:04:42 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{9DAC89B7-A152-4FAF-ABAC-E6768BFB6829} 
[2012/10/28 18:52:51 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - La sposa [2012/10/28 18:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - La sposa [2012/10/28 18:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grim Tales - La sposa [2012/10/28 13:13:06 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{0F1A0CC1-B2DE-4BCA-AB6D-0CE1F0E18CEF} [2012/10/27 10:21:47 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{0B8DC3E9-64E0-4530-84DC-8C173A628669} [2012/10/26 07:54:03 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{C29F0E1F-6DB0-478E-AAAE-8F4C6ABC06F9} [2012/10/25 19:18:21 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\Elephant Games [2012/10/25 19:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games [2012/10/25 19:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/10/25 19:14:51 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Maledizione di famiglia [2012/10/25 19:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Maledizione di famiglia [2012/10/25 19:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grim Tales - Maledizione di famiglia [2012/10/25 18:04:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3002E08A-4925-4821-8D06-D5FC4EBFF034} [2012/10/25 18:03:59 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\PackageAware [2012/10/25 17:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games [2012/10/25 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient [2012/10/25 16:55:11 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache [2012/10/25 08:57:34 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{0262E2EE-C5A5-47E4-A447-9297CC0C8E59} [2012/10/25 07:18:44 | 000,000,000 | ---D | C] -- 
C:\Users\Gianni\AppData\Local\{568F2C69-5B8B-428E-8E07-460CF7514AB4} [2012/10/24 10:03:32 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{7025B88C-39B8-42EF-B862-2D21CF9FFC52} [2012/10/23 22:03:07 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{B1AF26E8-AB89-45DD-B448-D95705A91FA7} [2012/10/23 10:02:43 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{CA9EB897-7C8C-4ECA-AD7F-44C0D647D916} [2012/10/22 21:58:37 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{8FDE902E-4AC8-4F07-8E9E-F3780D5C4D12} [2012/10/22 08:15:28 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{39841513-171E-4802-86D5-1FC8D918104D} [2012/10/22 07:23:32 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\Diagnostics [2012/10/22 07:19:33 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{7858542C-84B7-4BD7-A089-E6899E446F05} [2012/10/21 12:03:47 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{7EA223EC-FEFD-4E8A-B6D4-B36B7CD3BEE5} [2012/10/21 09:30:36 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{F18EA4A7-4C8D-4F87-957D-28A714EBABF2} [2012/10/21 09:14:07 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{09098D13-FDD3-407B-B14E-6C1691001C7E} ========== Files - Modified Within 60 Days ========== [2012/12/19 13:41:00 | 000,001,164 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000UA.job [2012/12/19 13:36:02 | 000,000,978 | ---- | M] () -- C:\Windows asks\Adobe Flash Player Updater.job [2012/12/19 13:27:02 | 000,001,182 | ---- | M] () -- C:\Windows asks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000UA.job [2012/12/19 11:56:00 | 000,000,266 | ---- | M] () -- C:\Windows asks\AutoKMS.job [2012/12/19 09:47:39 | 000,102,892 | ---- | M] () -- C:\Users\Gianni\Desktop\facebook nascita.JPG [2012/12/19 08:04:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/19 08:04:45 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys 
[2012/12/18 22:41:00 | 000,001,112 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000Core.job [2012/12/18 19:27:01 | 000,001,160 | ---- | M] () -- C:\Windows asks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000Core.job [2012/12/16 11:04:16 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/12/16 11:04:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/12/16 11:04:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/12/16 11:04:14 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/12/16 11:04:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/12/16 11:04:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/12/15 13:44:45 | 040,384,592 | ---- | M] (ArcSoft ) -- C:\Users\Gianni\Desktop\photostudio6_retail_tbyb_all-6.0.0.157.exe [2012/12/14 10:43:33 | 000,002,493 | ---- | M] () -- C:\Users\Gianni\Desktop\Google Chrome.lnk [2012/12/12 11:39:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/12 11:39:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/11/28 10:40:45 | 000,004,082 | ---- | M] () -- C:\Users\Gianni\AppData\Local\unins000.dat [2012/11/28 10:40:43 | 000,715,038 | ---- | M] () -- C:\Users\Gianni\AppData\Local\unins000.exe [2012/11/28 08:43:38 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2012/11/22 11:47:28 | 000,007,605 | ---- | M] () -- C:\Users\Gianni\AppData\Local\resmon.resmoncfg [2012/11/14 02:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll 
[2012/11/14 02:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/14 02:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/14 02:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/12 21:06:54 | 000,010,240 | ---- | M] () -- C:\Users\Gianni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/11/10 14:54:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk [2012/11/10 14:38:13 | 000,001,053 | ---- | M] () -- C:\Users\Gianni\Desktop\fifa13 - collegamento.lnk [2012/11/10 05:14:50 | 000,000,635 | ---- | M] () -- C:\Users\Gianni\Desktop\FM13 - collegamento.lnk [2012/11/05 21:32:16 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/11/05 21:32:09 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/11/05 11:29:53 | 000,000,222 | ---- | M] () -- C:\Users\Gianni\Desktop\Football Manager 2013.url [2012/11/05 11:18:51 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012/11/02 06:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll ========== Files Created - No Company Name ========== [2012/12/19 09:47:39 | 000,102,892 | ---- | C] () -- C:\Users\Gianni\Desktop\facebook nascita.JPG [2012/11/28 10:40:44 | 000,715,038 | ---- | C] () -- C:\Users\Gianni\AppData\Local\unins000.exe [2012/11/28 10:40:44 | 000,004,082 | ---- | C] () -- C:\Users\Gianni\AppData\Local\unins000.dat [2012/11/12 20:28:22 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2012/11/10 15:44:09 | 000,195,215 | ---- | C] () -- C:\Windows\SysWow64\V0420Cvw.bff [2012/11/10 15:44:09 | 000,005,022 | ---- | C] () -- C:\Windows\VF0420.uns [2012/11/10 14:54:22 | 000,001,071 | ---- | 
C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk [2012/11/10 14:38:13 | 000,001,053 | ---- | C] () -- C:\Users\Gianni\Desktop\fifa13 - collegamento.lnk [2012/11/10 05:14:50 | 000,000,635 | ---- | C] () -- C:\Users\Gianni\Desktop\FM13 - collegamento.lnk [2012/11/05 11:29:53 | 000,000,222 | ---- | C] () -- C:\Users\Gianni\Desktop\Football Manager 2013.url [2012/11/05 11:18:51 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012/10/25 17:01:50 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk [2012/10/25 17:01:50 | 000,001,250 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altri giochi super.lnk [2012/07/16 10:58:33 | 000,007,605 | ---- | C] () -- C:\Users\Gianni\AppData\Local\resmon.resmoncfg [2012/05/30 18:07:00 | 000,014,115 | ---- | C] () -- C:\Windows wspmm.ini [2012/03/09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/03/09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/02/04 21:44:52 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini [2012/01/28 10:42:30 | 000,010,240 | ---- | C] () -- C:\Users\Gianni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/26 15:03:24 | 001,630,920 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/01/26 14:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/12 18:11:33 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\Babylon [2012/02/01 14:36:43 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\calibre [2012/03/19 17:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\Canneverbe Limited [2012/11/01 16:51:06 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\Elephant Games [2012/11/08 09:47:11 | 000,000,000 
| ---D | M] -- C:\Users\Gianni\AppData\Roaming\FMRTE13 [2012/08/29 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\Octoshape [2012/11/28 08:43:29 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\OpenCandy [2012/04/20 17:33:51 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\SanDisk SecureAccess [2012/11/06 08:54:15 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\Sports Interactive [2012/10/07 08:14:49 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\SumatraPDF [2012/02/14 11:51:06 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\Unity [2012/12/19 13:44:07 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\uTorrent [2012/01/26 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\Windows Live Writer [2012/01/28 10:41:26 | 000,000,000 | ---D | M] -- C:\Users\Gianni\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:5E73E1C2 @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:363E775E < End of report >
  15. OK, I apologize for not having read it beforehand
  16. OTL Extras logfile created on: 19/12/2012 13:09:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gianni\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 19,95% Memory free 8,00 Gb Paging File | 2,78 Gb Available in Paging File | 34,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 95,76 Gb Free Space | 49,03% Space Free | Partition Type: NTFS Drive D: | 736,20 Gb Total Space | 425,08 Gb Free Space | 57,74% Space Free | Partition Type: NTFS Computer Name: GIANNI-PC | User Name: Gianni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0803AE82-1903-4953-93F0-88EE466CF7CF}" = rport=139 | protocol=6 | dir=out | app=system | "{187326E0-9CCE-4490-A626-B5943E907322}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1936D248-76E6-4509-A10B-9C4C221EB8CD}" = lport=138 | protocol=17 | dir=in | app=system | "{1F0AF96C-EAC2-435A-8A1D-4C68716D2901}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{28998700-32D9-4C5E-B8C6-1C3C1BDB2F7D}" = lport=2869 | protocol=6 | dir=in | app=system | "{2F0A8AC2-0570-4A36-9450-1E60259F9631}" = lport=1900 | protocol=17 | dir=in | 
name=windows live communications platform (ssdp) | "{2F58ECC2-DD95-48F7-99B8-B7E1A38B5421}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{39748C2F-D4D5-4252-B639-FDADF9FFA9A8}" = lport=139 | protocol=6 | dir=in | app=system | "{3A6F9CB6-DC80-4463-8727-7DAE07485520}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45B8842F-5D3C-4400-87D9-A4286A4FFC75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4A459D3E-97AE-41D4-B3A6-A7372FE63F41}" = rport=138 | protocol=17 | dir=out | app=system | "{5ED6A917-52BD-4FE4-B276-1D48B4513B7D}" = rport=10243 | protocol=6 | dir=out | app=system | "{652CF442-A9BE-4C71-A72B-F66E18BB19AE}" = rport=445 | protocol=6 | dir=out | app=system | "{656C6209-609A-47E0-8F7E-A94C290CBCA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{802EBE90-CD51-4147-B2CF-890109024209}" = lport=10243 | protocol=6 | dir=in | app=system | "{80D2480B-F15E-4C09-B4A5-077A9629A7E2}" = lport=137 | protocol=17 | dir=in | app=system | "{907EB076-FF44-4089-B958-2E1F4F3CDF3C}" = lport=445 | protocol=6 | dir=in | app=system | "{95C79019-8F13-44E5-82C8-C01B0B4220EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A4F40691-1679-470D-8923-9C545F7EA7EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B19CA567-BE0A-469E-BD17-BD1D197C38BE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CED48894-C05D-4170-9DDD-4565E902534A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{D316B413-EDC9-4AAE-A5B7-4D4DF82796C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EAE2BE10-432F-4A66-B548-CAC4100F4770}" = lport=1900 | protocol=17 | dir=in | 
svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ED7F9B8C-21DD-4331-BA9A-36E917050364}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F2E3826D-B444-48A5-8D53-BCAEF1ED4B98}" = rport=137 | protocol=17 | dir=out | app=system | "{FB900B20-573D-44DF-8291-5D64478969F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0142AF90-C16A-4BD1-9D2A-C0153B723A6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{05AD542F-F65F-4051-958B-D5C3825D313F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{08228FA9-F960-496E-89D4-B405F72D7FBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{12D51294-26E1-4FAF-A44D-7E76F14050D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1B9D90C2-1729-46E4-89EF-B04435609E95}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1FC2EAAE-731A-4E6F-ABF0-056981B4A0AC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{23CDD1A9-B6F6-45E9-9B34-9A8FAE5472D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe | "{263DC768-9906-4751-BC49-9B46AA9839F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{26729BF7-DA8B-42D7-99A6-5ABA2AACEE00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 resource archiver\resource archiver.exe | "{2A7EE6D8-7ACD-4D56-8C19-0E13F78FE793}" = protocol=6 | dir=out | app=system | "{2B5626AA-09BD-4592-8EF4-7C084706158F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2BB117DF-665D-4D3F-9088-F15548BE0107}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{3106D60D-D135-42E8-8624-1173FA553526}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{382E8C93-221D-4C64-A11B-086E5793B745}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3E52E13F-D4E9-4344-A5AC-999AA833C52B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{3F578A10-2D4C-4951-9147-B7FB7C24C846}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe | "{3FAD5162-273E-428E-8B7B-0699413E3B46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 resource archiver\resource archiver.exe | "{4906EA1C-C62C-46CA-B53D-1CEDBE6B6554}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{555FB3AC-F6E1-48FD-A1D6-104454B796EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{592BFE74-229B-47DF-A175-D84CD978865B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5B01FBBE-66B6-44AF-AF97-7CB00F15E644}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{651EFC58-36D5-488B-91BF-7B5ACDF9DD20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{66C35BA0-3624-44F0-9228-D0436F76101C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 editor\editor.exe | "{700ED68A-3A58-4224-8E0C-0CC061796486}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7EF9918D-C6B9-4BBE-A75A-FFD20EA800F0}" = dir=in | app=c:\users\gianni\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{7FF7713C-E346-43FB-AEF2-1BA030D35AEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{84EEF122-6915-4C5B-B4A8-0D552A612A4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8EC7146C-EBD6-4F89-88CE-38D8D7B5EC3E}" = dir=in | app=c:\program files 
(x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AD92F434-0D9D-4EA1-B55C-CE376B5307E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C12224E6-6932-4C03-91F4-0345ED426B99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C48BCC3D-BD19-4499-A16B-B5BFA8314B29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 editor\editor.exe | "{CF081CA9-D75B-4D9E-8AEF-305FDD463548}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe | "{D2B84192-83E4-40DE-9E86-531034E7D123}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe | "{F8FD076A-2038-46F6-B337-DC63F0DAF5EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FA764038-B1E0-455A-9FC7-80A975B82B30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{13D99FDD-E507-4227-B8D9-2D949FD17389}C:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe | "TCP Query User{21285A39-92F4-463F-A513-DE623C2A01D6}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe | "TCP Query User{272AC4C2-8868-4770-8EAF-AC00AFB8FC66}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "TCP Query User{276DF23F-7014-4A27-9A52-894207646B7E}D: mnationsforever mforever.exe" = protocol=6 | dir=in | app=d: mnationsforever mforever.exe | "TCP Query User{2E1AE588-CEDD-414A-A6C6-C2E7194BC017}D:\fifa13\game\game\fifa13.exe" = protocol=6 | dir=in | app=d:\fifa13\game\game\fifa13.exe | "TCP Query User{3CF66FF0-2BCA-4688-9F70-51B2FBA1BE4D}D:\ea sport\fifa 12\game\fifa.exe" = protocol=6 | 
dir=in | app=d:\ea sport\fifa 12\game\fifa.exe | "TCP Query User{4FE4F985-0657-49FD-B21A-77F3E9CEF101}D: mnationsforever mforever.exe" = protocol=6 | dir=in | app=d: mnationsforever mforever.exe | "TCP Query User{A978FB32-A665-4441-9704-8A5CF0BBE1D1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{CA8DC527-B577-4DE7-B9FF-21357B35D93C}C:\users\gianni\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\gianni\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{E0260065-7735-45A2-926C-5D772FAD4DE9}C:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe | "UDP Query User{05620D2E-FEF5-4909-AF57-A84AF80B6DA3}D:\fifa13\game\game\fifa13.exe" = protocol=17 | dir=in | app=d:\fifa13\game\game\fifa13.exe | "UDP Query User{374E5F1F-6E50-4C16-ACE2-D239D367DF42}C:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe | "UDP Query User{3CE44F98-EB83-4516-B41D-24239F9D0D66}D: mnationsforever mforever.exe" = protocol=17 | dir=in | app=d: mnationsforever mforever.exe | "UDP Query User{49E1CE12-F2BB-493A-BCDF-42AAAC543074}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "UDP Query User{5AE796F9-E889-46C2-A9A8-A90627EB92F6}C:\users\gianni\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\gianni\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{687D5421-9790-4923-8114-A99B93BFF414}D:\fifa 12\game\fifa.exe" = 
protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe | "UDP Query User{869817CD-687A-4736-9AA1-4143EF5D4DAA}D: mnationsforever mforever.exe" = protocol=17 | dir=in | app=d: mnationsforever mforever.exe | "UDP Query User{A0E02C3F-DEE0-4F79-8DA1-A13E31AF602E}C:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft otalmedia theatre 5 otalmedia server m server.exe | "UDP Query User{A1224D47-03B2-4C32-9A96-255C95E26591}D:\ea sport\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\ea sport\fifa 12\game\fifa.exe | "UDP Query User{FDD2AD1B-CE74-4400-9A9B-D4DA2A7E2A41}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2010 
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Creative VF0420" = Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0 "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = 
SPCA1528 PC Driver "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Supporto applicazioni Apple "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Parser MSXML 4.0 SP2 e SDK "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{7F92FF5F-C7EA-40BA-9481-02B6B4479C93}" = calibre "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010 "{90140000-0015-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0410-0000-0000000FF1CE}" = 
Microsoft Office Excel MUI (Italian) 2010 "{90140000-0016-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2010 "{90140000-0017-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{71D73EA6-F837-4368-B9D2-10D0D112ED74}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010 "{90140000-0018-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010 "{90140000-0019-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010 "{90140000-001A-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010 "{90140000-001B-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.it-it_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.it-it_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.it-it_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0410-1000-0000000FF1CE}_Office14.OMUI.it-it_{6664EABC-4985-4C45-925C-6E23AB142266}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010 "{90140000-002C-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2010 "{90140000-0044-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010 "{90140000-006E-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010 "{90140000-00A1-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2010 
"{90140000-00BA-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2010 "{90140000-0100-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{2C8C6BB6-81E2-407E-9780-FD04147198ED}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2010 "{90140000-0101-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{645C632B-EE9F-43B0-87E1-2546E9232C7F}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Italiano "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode versione 3.1.1.8 "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "1ClickDownload" = 1ClickDownloader "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BFGC" = Big Fish Games: Game Manager "BFG-Grim Tales - La sposa" = Grim Tales: La sposa "BFG-Grim Tales - 
Maledizione di famiglia" = Grim Tales: Maledizione di famiglia "Freemake Video Converter_is1" = Freemake Video Converter versione 3.1.2 "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "Mozilla Firefox 17.0.1 (x86 it)" = Mozilla Firefox 17.0.1 (x86 it) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.OMUI.it-it" = Microsoft Office Language Pack 2010 - Italian/Italiano "Office14.STANDARD" = Microsoft Office Standard 2010 "PowerISO" = PowerISO "RealPlayer 15.0" = RealPlayer "Steam App 207890" = Football Manager 2013 "Steam App 220600" = Football Manager 2013 Editor "Steam App 220620" = Football Manager 2013 Resource Archiver "uTorrent" = µTorrent "uTorrentBar_IT Toolbar" = uTorrentBar_IT Toolbar "VirtualCloneDrive" = VirtualCloneDrive "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.10 (32-bit) "XP Codec Pack" = XP Codec Pack ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Octoshape Streaming Services" = Octoshape Streaming Services "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19/07/2012 04:51:15 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 19/07/2012 07:19:05 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 19/07/2012 07:58:56 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 19/07/2012 11:57:28 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 02:42:05 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 04:31:08 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 05:14:45 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 07:54:14 | Computer Name = Gianni-PC | Source = 
WinMgmt | ID = 10 Description = Error - 20/07/2012 10:12:14 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = Error - 20/07/2012 11:16:58 | Computer Name = Gianni-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 10/06/2012 01:42:21 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 07:42:21 - Errore di connessione a Internet. 07:42:21 - Impossibile contattare il server.. Error - 10/06/2012 01:42:30 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 07:42:26 - Errore di connessione a Internet. 07:42:26 - Impossibile contattare il server.. Error - 04/07/2012 02:29:21 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 08:29:21 - Errore di connessione a Internet. 08:29:21 - Impossibile contattare il server.. Error - 04/07/2012 02:29:31 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 08:29:26 - Errore di connessione a Internet. 08:29:26 - Impossibile contattare il server.. Error - 19/07/2012 03:05:22 | Computer Name = Gianni-PC | Source = MCUpdate | ID = 0 Description = 09:05:22 - Errore di connessione a Internet. 09:05:22 - Impossibile contattare il server.. [ System Events ] Error - 18/12/2012 11:29:59 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7026 Description = All'avvio non è stato possibile caricare i seguenti driver: ArcSec Error - 18/12/2012 14:38:41 | Computer Name = Gianni-PC | Source = Microsoft-Windows-Diagnostics-Networking | ID = 5300 Description = Framework di diagnostica di rete: impossibile completare la fase di ripristino dell'operazione. Errore. È stata generata una segnalazione errore di Windows. 
[2147942487] Error - 19/12/2012 00:01:39 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7000 Description = Il servizio SPCA1528 Video Camera Service non è stato avviato per il seguente errore: %%2 Error - 19/12/2012 00:03:15 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Pos Service bloccato in partenza. Error - 19/12/2012 00:03:15 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Serv Updater bloccato in partenza. Error - 19/12/2012 00:03:15 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7026 Description = All'avvio non è stato possibile caricare i seguenti driver: ArcSec Error - 19/12/2012 03:05:01 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7000 Description = Il servizio SPCA1528 Video Camera Service non è stato avviato per il seguente errore: %%2 Error - 19/12/2012 03:06:36 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Pos Service bloccato in partenza. Error - 19/12/2012 03:06:36 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7022 Description = Servizio Serv Updater bloccato in partenza. Error - 19/12/2012 03:06:36 | Computer Name = Gianni-PC | Source = Service Control Manager | ID = 7026 Description = All'avvio non è stato possibile caricare i seguenti driver: ArcSec < End of report >
  17. OTL logfile created on: 19/12/2012 13:09:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gianni\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 19,95% Memory free 8,00 Gb Paging File | 2,78 Gb Available in Paging File | 34,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 95,76 Gb Free Space | 49,03% Space Free | Partition Type: NTFS Drive D: | 736,20 Gb Total Space | 425,08 Gb Free Space | 57,74% Space Free | Partition Type: NTFS Computer Name: GIANNI-PC | User Name: Gianni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/19 13:08:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gianni\Downloads\OTL.exe PRC - [2012/12/10 06:30:50 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2012/12/10 06:28:19 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2012/11/21 06:23:12 | 040,391,320 | ---- | M] (Sports Interactive) -- C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exe PRC - [2012/11/05 11:24:15 | 000,071,464 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\GameOverlayUI.exe PRC - [2012/11/05 11:24:14 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/08/15 15:42:25 | 000,296,096 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012/08/11 12:43:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/05/08 18:35:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/08 18:35:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/12/16 18:44:50 | 000,762,368 | ---- | M] (PService) -- C:\Users\Public\Documents\AppData\PoApp\PService.exe PRC - [2011/03/24 16:11:18 | 000,107,800 | ---- | M] (Octoshape ApS) -- C:\Users\Gianni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2011/03/15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE PRC - [2007/04/30 02:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) 
-- C:\Windows\V0420Mon.exe ========== Modules (No Company Name) ========== MOD - [2012/12/05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll MOD - [2012/12/05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll MOD - [2012/12/05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012/12/05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012/12/05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012/12/05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012/12/05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012/12/05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll MOD - [2012/11/16 16:31:38 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll MOD - [2012/11/16 11:00:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012/11/16 11:00:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll MOD - [2012/11/16 11:00:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012/11/16 
11:00:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012/11/16 11:00:19 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll MOD - [2012/11/16 11:00:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012/11/16 11:00:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012/11/16 11:00:03 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012/11/16 10:59:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012/11/12 20:40:19 | 000,057,344 | ---- | M] () -- C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll MOD - [2012/11/05 14:00:11 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\IntelLaptopGamingVista.dll MOD - [2012/11/05 11:24:14 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/11/05 11:24:14 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/11/05 11:24:14 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2012/11/05 11:24:14 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/11/05 11:24:14 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2010/11/21 04:24:08 | 002,927,616 | ---- | M] () -- 
C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/11/13 00:50:53 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/09/28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/12/12 11:39:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/09 14:56:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/11/05 11:24:14 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/06/14 17:52:34 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Users\Gianni\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -- (SoftwareUpd) SRV - [2012/05/08 18:35:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/05/08 18:35:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/04/03 19:59:46 | 000,169,472 | ---- | M] (PowerOfferService) [Auto | Stopped] -- C:\Users\Gianni\AppData\Local\PosService\Pos.exe -- (PowerOffer Service) SRV - [2011/12/16 18:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Auto | Stopped] -- C:\Users\Gianni\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater) SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/09/28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/05/14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012/05/08 18:35:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/08 18:35:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/09/15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/21 04:23:48 | 
000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/04/12 09:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2007/05/31 02:33:32 | 000,107,072 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0420Vid.sys -- (V0420VID) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 33 EB E6 30 DC CC 01 [binary data] IE - HKCU\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r= IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=117223&tt=4612_5&babsrc=SP_ss&mntrId=009438de000000000000001e8c6f16a6 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3FB49B8C-2FCC-44F5-AA97-A17D3A8AF311}&mid=2a05b754417347d19945d157ca8bff55-5a4473c1cc9e44870379b5564e7119bd1325dc1d&lang=en&ds=ir011&pr=sa&d=2012-02-04 21:44:17&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "http://www.google.it/" FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6 FF - prefs.js..extensions.enabledAddons: fmconverter%40gmail.com:1.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Gianni\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gianni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gianni\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gianni\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gianni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/15 15:42:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/11/28 08:43:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/09 14:57:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/09 14:56:57 | 000,000,000 | ---D | M] FF - 
HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/09 14:57:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/09 14:56:57 | 000,000,000 | ---D | M] [2012/01/26 15:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianni\AppData\Roaming\mozilla\Extensions [2012/07/26 17:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions [2012/10/23 16:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\cfl6pfir.default-1343600262549\extensions [2012/10/07 08:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\x06m84j9.default\extensions [2012/07/17 15:53:03 | 000,000,000 | ---D | M] (uTorrentBar_IT Community Toolbar) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\x06m84j9.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} [2012/07/26 17:40:47 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Gianni\AppData\Roaming\mozilla\Firefox\Profiles\x06m84j9.default\extensions\OneClickDownload@OneClickDownload.com [2012/10/07 08:13:32 | 000,002,547 | ---- | M] () -- C:\Users\Gianni\AppData\Roaming\mozilla\firefox\profiles\cfl6pfir.default-1343600262549\searchplugins\browsemngr.xml [2012/12/09 14:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/12/09 14:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com [2012/11/28 08:43:37 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX [2012/08/15 15:42:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- 
C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012/12/09 14:57:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/15 15:42:31 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012/12/09 14:56:59 | 000,001,606 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml [2012/02/04 21:44:13 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/11/12 18:12:04 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/08/30 18:41:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/12/09 14:56:59 | 000,000,957 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml [2012/12/09 14:56:59 | 000,001,030 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml [2012/12/09 14:56:59 | 000,001,395 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml [2012/12/09 14:56:59 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml ========== Chrome ========== CHR - homepage: https://www.google.it/webhp?hl=it&tab=ww CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: https://www.google.it/webhp?hl=it&tab=ww CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - 
plugin: Native Client (Enabled) = C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gianni\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo 
Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Gianni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Gianni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Ricerca Google = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Freemake Video Converter = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Gmail = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: OneClickDownload = C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.2_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (uTorrentBar_IT Toolbar) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll (Conduit Ltd.) 
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (uTorrentBar_IT Toolbar) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [ErrorRepairPro] C:\Program Files (x86)\Error Repair Professional\autostart.exe File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Gianni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C21FC2-A23E-4D26-A6DE-FB5139732F86}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C21FC2-A23E-4D26-A6DE-FB5139732F86}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter ext/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/19 06:58:08 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{89177569-C3B4-46CA-BF5D-490D2E5297AE} [2012/12/18 18:57:41 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2E70FD3D-D3DA-4703-BF41-07286621B60B} [2012/12/18 06:18:16 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{BC5B1F3C-B055-43A6-9844-BBCB70E6562A} [2012/12/17 18:17:50 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{DBED45C9-645A-45C1-9813-E4C0853EF0E7} [2012/12/17 06:16:05 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{22DAE3C0-273A-45F0-9DD1-BA68AD679E59} [2012/12/16 11:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/12/16 11:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/12/16 11:04:35 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/12/16 11:04:34 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/12/16 11:04:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/12/16 11:04:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/12/16 11:04:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/12/16 11:04:22 | 
000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/12/16 11:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/12/16 08:13:38 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2992A1C1-0C36-42E1-8F8F-91C25150C1AA} [2012/12/15 13:46:58 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\Programs [2012/12/15 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\ArcSoft [2012/12/15 13:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft [2012/12/15 13:45:24 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL [2012/12/15 13:39:55 | 040,384,592 | ---- | C] (ArcSoft ) -- C:\Users\Gianni\Desktop\photostudio6_retail_tbyb_all-6.0.0.157.exe [2012/12/15 13:27:23 | 000,000,000 | ---D | C] -- C:\Users\Gianni\Documents\ArcSoft [2012/12/15 13:27:17 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\ArcSoft [2012/12/15 13:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft [2012/12/15 09:23:10 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{CA502B37-CBEF-46B2-A309-BACF71E7C691} [2012/12/14 10:15:06 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{6EA8E82D-1E14-4D2F-B73C-C28969C5D91A} [2012/12/13 09:55:25 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{1614D51D-C122-4881-A540-38D8C843D6E9} [2012/12/12 10:22:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/12 10:22:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/12 10:22:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/12 10:22:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/12 10:22:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/12 10:22:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\url.dll [2012/12/12 10:22:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/12 10:22:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/12 10:22:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/12 10:22:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/12 10:22:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/12 10:22:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/12 10:22:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/12 10:22:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/12 10:22:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/12 09:00:26 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{C67B3B50-2165-40F3-BD64-E493F655FF64} [2012/12/12 06:13:04 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/12 06:13:04 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/12 06:13:04 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/12 06:13:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/12 06:12:59 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/12 06:12:59 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/12 06:12:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/12 06:12:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/12/12 06:12:58 | 000,243,200 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/12 06:12:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/12 06:12:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/12 06:12:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/12 06:12:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/12 06:12:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/12 06:12:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/12 06:12:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/12 06:12:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/12 06:12:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 06:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 06:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 06:12:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/12 06:12:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/12 06:12:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 06:12:57 | 
000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 06:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 06:12:57 | 
000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/12 06:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/12 06:12:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/12 06:12:17 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/12 06:12:17 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/11 21:00:00 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{9343CD7B-4831-4C37-8B1B-D44CF175A6E3} [2012/12/11 12:11:26 | 000,000,000 | ---D | C] -- C:\Users\Gianni\Documents\Glenn Cooper - 06 - Il Tempo Della Verita [2012/12/11 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{5CABCFD2-52A6-4F87-932F-BA54C781EEC0} [2012/12/10 20:59:09 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{978B2FAA-A974-4C1C-BB4C-17C2F57F441A} [2012/12/10 06:28:01 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{D8FA9B7F-03FD-4D79-9F4A-ECD79FE85DAE} [2012/12/09 14:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/12/09 09:01:19 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{56B23AC3-9F0B-41FC-A9D9-FE02E551E61B} [2012/12/08 10:43:50 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{D1D6B951-5E7A-424C-809D-E14A9BB047EB} [2012/12/08 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{EAF54CC2-781B-410F-B38B-6D849AF25DAD} [2012/12/07 09:50:34 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{39A1F395-A145-4460-931A-D50DA8C3D2DC} [2012/12/07 09:15:59 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{6CF0F7A9-2D78-46A5-821B-CFDEA2189037} [2012/12/07 09:12:36 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{DA639BFA-A3B2-4C79-A7FF-E39CC7B178AD} [2012/12/06 08:16:16 | 000,000,000 | ---D | C] -- 
C:\Users\Gianni\AppData\Local\{E13AB49C-BBF1-4A3B-BBC0-33F4985E139F} [2012/12/05 06:13:50 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{0065A979-1F36-4329-9F71-14848AD9934F} [2012/12/04 10:54:08 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{BE99D386-F7B1-4FF0-BC0B-43B873527144} [2012/12/03 22:25:21 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{B614235A-AB74-4F7C-A565-E882C38F6A62} [2012/12/03 08:33:27 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{A28D7D81-FF1B-4785-B1C0-6D1C38C29C49} [2012/12/02 09:59:27 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{FE819DD6-9B81-41A6-B7AC-E95D13E38364} [2012/12/01 08:10:16 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{EC780C51-F3A5-44CE-8C60-30E6AE575427} [2012/11/30 08:06:02 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{AA46CE54-1463-41E4-B100-B259BEE36F75} [2012/11/29 08:32:45 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2FEA18B9-F579-452C-9EB3-09CB4CA51BC6} [2012/11/28 18:07:21 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{4834BF15-6407-48B4-A71A-6E60BC526285} [2012/11/28 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\ServUpdater [2012/11/28 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\PowerOffer [2012/11/28 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\PosService [2012/11/28 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AppData [2012/11/28 08:43:59 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634896890393452430 [2012/11/28 08:43:51 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\SoftwareUpdater [2012/11/28 08:43:29 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Roaming\OpenCandy [2012/11/28 06:06:56 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{E5AB336A-8C6C-4987-A21F-8EC3F7B57377} [2012/11/27 18:06:30 | 000,000,000 | ---D | C] -- 
C:\Users\Gianni\AppData\Local\{3E998279-6FDB-4B4C-8135-DF10230ED7AD} [2012/11/27 05:54:26 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{2486DC21-467D-45BA-8657-0238203CC7F6} [2012/11/26 17:54:01 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{C5B331C6-75FF-48F9-A8E1-7A19F773EBB0} [2012/11/26 05:53:31 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{D05C9F4A-9EB5-4279-8C26-89AFC3A67050} [2012/11/25 08:10:14 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{112EBB04-DD78-4EFD-97AE-2D003A25F8FB} [2012/11/24 11:29:38 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{503AB96C-4A59-4055-94B0-B5C964C96A94} [2012/11/23 09:31:13 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{E476C886-EE94-4FCB-9FA7-318C52B144E2} [2012/11/22 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{53BEF999-5D58-4ED5-9C2C-2C1A1B9AE8F3} [2012/11/21 06:24:37 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{B34689F5-B901-44D6-A104-FCF4FAF08183} [2012/11/20 18:24:12 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{B1C68386-1B41-409E-BDDE-12014CC2E805} [2012/11/20 05:09:42 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{0054C625-47C5-41AC-BF21-42C73FC346D2} [2012/11/19 17:36:06 | 000,000,000 | -H-D | C] -- C:\Users\Gianni\Documents\Freemake_do_not_remove_this_folder634889433667273825 [2012/11/19 16:42:26 | 000,000,000 | ---D | C] -- C:\Users\Gianni\AppData\Local\{8DA09B06-99DB-4769-A736-326BF3F77336} ========== Files - Modified Within 30 Days ========== [2012/12/19 12:41:01 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000UA.job [2012/12/19 12:36:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/19 11:56:00 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2012/12/19 10:27:01 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000UA.job
[2012/12/19 09:47:39 | 000,102,892 | ---- | M] () -- C:\Users\Gianni\Desktop\facebook nascita.JPG [2012/12/19 08:13:40 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/19 08:13:40 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/19 08:04:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/19 08:04:45 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys [2012/12/18 22:41:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000Core.job [2012/12/18 19:27:01 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1539135573-1650222560-1094068503-1000Core.job [2012/12/16 11:04:16 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/12/16 11:04:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/12/16 11:04:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/12/16 11:04:14 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/12/16 11:04:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/12/16 11:04:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/12/15 13:44:45 | 040,384,592 | ---- | M] (ArcSoft ) -- C:\Users\Gianni\Desktop\photostudio6_retail_tbyb_all-6.0.0.157.exe [2012/12/14 10:43:33 | 000,002,493 | ---- | M] () -- C:\Users\Gianni\Desktop\Google Chrome.lnk [2012/12/12 11:39:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/12 11:39:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/12 07:55:33 | 000,418,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/10 22:01:37 | 001,653,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/10 22:01:37 | 000,739,004 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012/12/10 22:01:37 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/10 22:01:37 | 000,146,076 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012/12/10 22:01:37 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/28 10:40:45 | 000,004,082 | ---- | M] () -- C:\Users\Gianni\AppData\Local\unins000.dat [2012/11/28 10:40:43 | 000,715,038 | ---- | M] () -- C:\Users\Gianni\AppData\Local\unins000.exe [2012/11/28 08:43:38 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2012/11/22 11:47:28 | 000,007,605 | ---- | M] () -- C:\Users\Gianni\AppData\Local\resmon.resmoncfg ========== Files Created - No Company Name ========== [2012/12/19 09:47:39 | 000,102,892 | ---- | C] () -- C:\Users\Gianni\Desktop\facebook nascita.JPG [2012/11/28 10:40:44 | 000,715,038 | ---- | C] () -- C:\Users\Gianni\AppData\Local\unins000.exe [2012/11/28 10:40:44 | 000,004,082 | ---- | C] () -- C:\Users\Gianni\AppData\Local\unins000.dat [2012/07/16 10:58:33 | 000,007,605 | ---- | C] () -- C:\Users\Gianni\AppData\Local\resmon.resmoncfg [2012/05/30 18:07:00 | 000,014,115 | ---- | C] () -- C:\Windows wspmm.ini [2012/03/09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/03/09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/02/04 21:44:52 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini [2012/01/28 10:42:30 | 000,010,240 | ---- | C] () -- C:\Users\Gianni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/26 15:03:24 | 001,630,920 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/01/26 14:38:50 | 000,000,000 | ---- | 
C] () -- C:\Windows\ativpsrm.bin [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:5E73E1C2 @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:363E775E < End of report >
  18. I've read about problems with 64-bit Win7 and HJT. Is that confirmed?
  19. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19.27.42, on 24/06/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\hp\support\hpsysdrv.exe C:\Program Files (x86)\Alice ti aiuta\McciTrayApp.exe C:\Windows\V0420Mon.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\hp\kbd\kbd.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\conime.exe C:\Program Files (x86)\OfferBox\OfferBox.exe C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cndt R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cndt R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Webnotes Toolbar - {da4cfcb0-afbe-4645-8daa-f633950ef451} - C:\Program Files (x86)\Webnotes\tbWebn.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Guida per l'accesso a Windows Live - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Gianni\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll O2 - BHO: Webnotes Toolbar - {da4cfcb0-afbe-4645-8daa-f633950ef451} - C:\Program Files (x86)\Webnotes\tbWebn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll O3 - Toolbar: Webnotes Toolbar - {da4cfcb0-afbe-4645-8daa-f633950ef451} - C:\Program Files (x86)\Webnotes\tbWebn.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe O4 - HKLM\..\Run: [AliceRV_McciTrayApp] "C:\Program Files (x86)\Alice ti aiuta\McciTrayApp.exe" O4 - HKLM\..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ggpc] C:\PROGRA~2\EDB5~1\HXClient.exe O4 - HKLM\..\Run: [Transaction ID] C:\Users\Gianni\AppData\Local\Temp\tfshost.exe O4 - HKLM\..\Run: [EnableDCOM] N O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [sunJavaUpdateSched] 
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [C:\Windows\SysWOW64\V0420Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0420Cvw.dll O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\RunServices: [Transaction ID] C:\Users\Gianni\AppData\Local\Temp\tfshost.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! 
Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Google Update] "C:\Users\Gianni\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [RGSC] E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [L09AXLRD_3686943] "E:\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m O4 - HKCU\..\Run: [suwoq] "c:\users\gianni\appdata\local\suwoq.exe" suwoq O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize O4 - HKCU\..\Run: [Transaction ID] C:\Users\Gianni\AppData\Local\Temp\tfshost.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~2\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000334&p=ZCxpt031YYIT&si=&a=xQQVObhJHnVHDO6dqwF8EQ&n=2010042808 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O8 - Extra context menu item: ʹÓÿ쳵3ÏÂÔØ - C:\Users\Gianni\AppData\Roaming\FlashGetBHO\GetUrl.htm O8 - Extra context menu item: ʹÓÿ쳵3ÏÂÔØÈ«²¿Á´½Ó - C:\Users\Gianni\AppData\Roaming\FlashGetBHO\GetAllUrl.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialSetup1.0.1.1.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.it/s/v/59.15/uploader2.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.it/s/v/e/38.05/57go2Ejy5T0/uploader2.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://print.photocity.it/InvioFoto/ImageUploader5.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - 
http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.17 85.38.28.72 O17 - HKLM\System\CS1\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.17 85.38.28.72 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - 
C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: SMTP Service Client API Stubs (smtpapi32) - Unknown owner - rundll32.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: 
@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 16426 bytes
  20. I apologize if I'm not being clearer, but it detects a really huge number of them, even though the PC isn't giving me any problems at the moment. I'm posting the HiJack here: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13.55.24, on 16/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programmi\PowerISO\PWRISOVM.EXE C:\WINDOWS\vsnpstd2.exe D:\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programmi\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe C:\Programmi\Alice ti aiuta\bin\mpbtn.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\Programmi\Executive Software\Diskeeper\DkService.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe C:\Programmi\Avira\AntiVir Desktop\avscan.exe C:\WINDOWS\system32\taskmgr.exe C:\Programmi\Windows Live\Messenger\msnmsgr.exe C:\Programmi\Windows Live\Contacts\wlcomm.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe 
c:\programmi\avira\antivir desktop\avcenter.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Programmi\SGPSA\BHO.dll O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - 
C:\Programmi\Fast Browser Search\IE\FBStoolbar.dll O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Programmi\Fast Browser Search\IE\FBStoolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sGPUpdater] C:\Programmi\Search Guard PlusU\sgpUpdaters.exe O4 - HKLM\..\Run: [FBSearch] C:\Programmi\Search Guard Plus\SearchGuardPlus.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Linda71\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: 
[bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [zfsergkv] "c:\documents and settings\linda71\impostazioni locali\dati applicazioni\zfsergkv.exe" zfsergkv O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.giochionline.org/giochiflash/richracer.html" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.it/s/v/e/37.09/Hbo...o/uploader2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Diskeeper - Executive Software International, Inc. 
- C:\Programmi\Executive Software\Diskeeper\DkService.exe O23 - Service: Google Update Service (gupdate1c95532422d2370) (gupdate1c95532422d2370) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 10339 bytes
  21. Done, is everything OK? Are we safe from the pandemic virus attack?
  22. Which one? But are we all right as far as viruses go?
  23. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19.51.48, on 19/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programmi\PowerISO\PWRISOVM.EXE C:\WINDOWS\vsnpstd2.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Alice ti aiuta\bin\mpbtn.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\Programmi\Executive Software\Diskeeper\DkService.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe C:\Programmi\Windows Live\Messenger\msnmsgr.exe C:\Programmi\Windows Live\Contacts\wlcomm.exe C:\Documents and Settings\Linda71\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Linda71\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Linda71\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Linda71\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programmi\Fast Browser Search\IE\FBStoolbar.dll (file missing) O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Programmi\Fast 
Browser Search\IE\FBStoolbar.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.it/s/v/e/37.09/Hbo...o/uploader2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Diskeeper - Executive Software International, Inc. 
- C:\Programmi\Executive Software\Diskeeper\DkService.exe O23 - Service: Google Update Service (gupdate1c95532422d2370) (gupdate1c95532422d2370) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 8757 bytes
  24. Should I post the HijackThis log now?
  25. Here is the log from the anti-malware scan: Malwarebytes' Anti-Malware 1.44 Versione del database: 3594 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 19/01/2010 9.47.25 mbam-log-2010-01-19 (09-47-18).txt Tipo di scansione: Scansione completa (C:\|D:\|) Elementi scansionati: 231985 Tempo trascorso: 2 hour(s), 16 minute(s), 52 second(s) Processi delle memoria infetti: 0 Moduli della memoria infetti: 0 Chiavi di registro infette: 0 Valori di registro infetti: 0 Elementi dato del registro infetti: 0 Cartelle infette: 0 File infetti: 1 Processi delle memoria infetti: (Nessun elemento malevolo rilevato) Moduli della memoria infetti: (Nessun elemento malevolo rilevato) Chiavi di registro infette: (Nessun elemento malevolo rilevato) Valori di registro infetti: (Nessun elemento malevolo rilevato) Elementi dato del registro infetti: (Nessun elemento malevolo rilevato) Cartelle infette: (Nessun elemento malevolo rilevato) File infetti: C:\System Volume Information\_restore{9F59D7D0-82D0-485C-81FD-BE32A0F6BCE6}\RP446\A0150516.sys (Malware.Trace) -> No action taken.