shampo

WinGirls
 Visualizza profilo  Vedi la sua attività

  • Numero contenuti

    200

  • Iscritto

  • Ultima visita

Tutti i contenuti di shampo

  1. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=08cbe1fc40d8a94eb665e42672aa88c7 # engine=13187 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-18 10:26:19 # local_time=2013-02-18 11:26:19 (+0100, ora solare Europa occidentale) # country="Italy" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 100 94 8761857 137939851 0 0 # compatibility_mode=5893 16776573 100 94 11231 112856229 0 0 # scanned=268330 # found=0 # cleaned=0 # scan_time=5857 questa volta niente viirus
  2. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=08cbe1fc40d8a94eb665e42672aa88c7 # engine=13187 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-18 10:26:19 # local_time=2013-02-18 11:26:19 (+0100, ora solare Europa occidentale) # country="Italy" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 100 94 8761857 137939851 0 0 # compatibility_mode=5893 16776573 100 94 11231 112856229 0 0 # scanned=268330 # found=0 # cleaned=0 # scan_time=5857 questa è l ultima scansione e nn ci sono virus ma perchè continua a volte a non accendersi? ciao e grazie
  3. scusami,ma mi ci sta buttando di fuori,mi si apre il file e non mi fa fare il copia incolla,se vado nella cartella mi copia quello che ti ho inviato,rifaccio un altra prova,grrrrrrrrrrr ciao grazie
  4. ciao ho fatto quello che m hai detto,ma mi viene questo ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK dove sbaglio?
  5. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK mi ha trovato 7 virus,ma non so come mandarti la scansione.ho fatto come mi hai detto ma,mi ci perdo,aiuto,,,,grazie
  6. ComboFix 13-02-13.01 - rosy 13/02/2013 19:43:27.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2908 [GMT 1:00] Eseguito da: c:\users\rosy\Desktop\Nuova cartella (7)\ComboFix.exe Opzioni usate :: c:\users\rosy\Desktop\Nuova cartella (7)\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Creato nuovo punto di ripristino . . ((((((((((((((((((((((((( Files Creati Da 2013-01-13 al 2013-02-13 ))))))))))))))))))))))))))))))))))) . . 2013-02-13 18:49 . 2013-02-13 18:49 -------- d-----w- c:\users\Default\AppData\Local emp 2013-02-08 20:38 . 2013-01-18 11:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB2FFA28-5E09-4374-B48E-4C69399F170C}\mpengine.dll 2013-02-07 18:28 . 2013-02-07 18:56 -------- d-----w- c:\program files (x86)\TimeLineRemove 2013-02-05 11:38 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-02-05 11:38 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-02-05 11:36 . 2012-12-07 11:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2013-02-05 11:36 . 2012-12-07 10:46 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2013-02-05 11:36 . 2012-12-07 10:46 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2013-02-05 11:36 . 2012-12-07 10:46 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2013-02-05 11:36 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs 2013-02-05 11:36 . 2012-12-07 11:19 55296 ----a-w- c:\windows\system32\cero.rs 2013-02-05 11:36 . 2012-12-07 10:46 55296 ----a-w- c:\windows\SysWow64\cero.rs 2013-02-05 11:26 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32 askhost.exe 2013-02-05 11:26 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-02-05 11:26 . 2013-02-05 11:26 -------- d-----w- c:\users\rosy\AppData\Local\Apps 2013-02-05 11:25 . 2013-02-05 11:37 -------- d-----w- c:\users\rosy\AppData\Local\Deployment . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-06 20:57 . 2012-06-03 22:19 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2012-06-03 09:49 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-08 21:23 . 2012-06-03 19:18 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 21:23 . 2012-06-03 19:18 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-16 17:11 . 2012-12-20 19:06 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-20 19:06 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-20 19:06 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-20 19:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 15:49 . 2012-06-03 21:30 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-02-05 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 PAC207;Trust 100K Series Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 686592] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers susbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-03 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [2007-03-27 1021440] . . --- Altri Servizi/Drivers In Memoria --- . *NewlyCreated* - WS2IFSL . Contenuto della cartella 'Scheduled Tasks' . 2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 21:23] . 2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00] . 2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00] . 2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job - c:\users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 13:30] . 2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job - c:\users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 13:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://search.chatzum.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 62.101.93.101 83.103.25.250 . - - - - CHIAVI ORFANE RIMOSSE - - - - . Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file) . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Ora fine scansione: 2013-02-13 19:51:05 ComboFix-quarantined-files.txt 2013-02-13 18:51 ComboFix2.txt 2013-02-10 19:03 . Pre-Run: 321.750.712.320 byte disponibili Post-Run: 321.167.876.096 byte disponibili . - - End Of File - - D8B1CD03C50CDA3D21C37823863F191B
  7. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2013-02-10 19:29:52 ----------------------------- 19:29:52.255 OS Version: Windows x64 6.1.7601 Service Pack 1 19:29:52.255 Number of processors: 2 586 0x170A 19:29:52.255 ComputerName: ROSY-PC UserName: rosy 19:29:52.941 Initialize success 19:29:52.988 AVAST engine defs: 13021000 19:30:06.435 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 19:30:06.435 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3 19:30:06.451 Disk 0 MBR read successfully 19:30:06.467 Disk 0 MBR scan 19:30:06.467 Disk 0 Windows 7 default MBR code 19:30:06.467 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 305 MB offset 63 19:30:06.482 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 471626 MB offset 626535 19:30:06.513 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 5006 MB offset 966518784 19:30:06.545 Disk 0 scanning C:\Windows\system32\drivers 19:30:13.892 Service scanning 19:30:27.137 Modules scanning 19:30:27.137 Disk 0 trace - called modules: 19:30:27.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 19:30:27.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800460c5e0] 19:30:27.168 3 CLASSPNP.SYS[fffff880019c343f] -> nt!IofCallDriver -> [0xfffffa80044d1520] 19:30:27.168 5 ACPI.sys[fffff88000d647a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004198680] 19:30:27.792 AVAST engine scan C:\ 19:32:40.969 Disk 0 MBR has been saved successfully to "C:\Users\rosy\Documents\MBR.dat" 19:32:40.985 The log file has been saved successfully to "C:\Users\rosy\Documents\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2013-02-10 19:29:52 ----------------------------- 19:29:52.255 OS Version: Windows x64 6.1.7601 Service Pack 1 19:29:52.255 Number of processors: 2 586 0x170A 19:29:52.255 ComputerName: ROSY-PC UserName: rosy 19:29:52.941 Initialize success 19:29:52.988 AVAST engine defs: 13021000 19:30:06.435 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 19:30:06.435 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3 19:30:06.451 Disk 0 MBR read successfully 19:30:06.467 Disk 0 MBR scan 19:30:06.467 Disk 0 Windows 7 default MBR code 19:30:06.467 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 305 MB offset 63 19:30:06.482 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 471626 MB offset 626535 19:30:06.513 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 5006 MB offset 966518784 19:30:06.545 Disk 0 scanning C:\Windows\system32\drivers 19:30:13.892 Service scanning 19:30:27.137 Modules scanning 19:30:27.137 Disk 0 trace - called modules: 19:30:27.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 19:30:27.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800460c5e0] 19:30:27.168 3 CLASSPNP.SYS[fffff880019c343f] -> nt!IofCallDriver -> [0xfffffa80044d1520] 19:30:27.168 5 ACPI.sys[fffff88000d647a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004198680] 19:30:27.792 AVAST engine scan C:\ 19:32:40.969 Disk 0 MBR has been saved successfully to "C:\Users\rosy\Documents\MBR.dat" 19:32:40.985 The log file has been saved successfully to "C:\Users\rosy\Documents\aswMBR.txt" 19:42:22.034 Disk 0 MBR has been saved successfully to "C:\Users\rosy\Documents\MBR.dat" 19:42:22.050 The log file has been saved successfully to "C:\Users\rosy\Documents\aswMBR.txt" ComboFix 13-02-07.02 - rosy 10/02/2013 19:55:48.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2526 [GMT 1:00] Eseguito da: c:\users\rosy\Desktop\Nuova cartella (7)\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Creato nuovo punto di ripristino . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\OfferBox c:\program files (x86)\OfferBox\OfferBox.exe c:\users\rosy\AppData\Roaming\OfferBox c:\users\rosy\AppData\Roaming\OfferBox\config.xml c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\sdch\1338755323 c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Creati Da 2013-01-10 al 2013-02-10 ))))))))))))))))))))))))))))))))))) . . 2013-02-10 19:01 . 2013-02-10 19:01 -------- d-----w- c:\users\Default\AppData\Local emp 2013-02-10 18:53 . 2013-02-10 18:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB2FFA28-5E09-4374-B48E-4C69399F170C}\offreg.dll 2013-02-08 20:38 . 2013-01-18 11:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB2FFA28-5E09-4374-B48E-4C69399F170C}\mpengine.dll 2013-02-07 18:28 . 2013-02-07 18:56 -------- d-----w- c:\program files (x86)\TimeLineRemove 2013-02-05 11:38 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-02-05 11:38 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-02-05 11:36 . 2012-12-07 11:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2013-02-05 11:36 . 2012-12-07 10:46 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2013-02-05 11:36 . 2012-12-07 10:46 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2013-02-05 11:36 . 2012-12-07 10:46 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2013-02-05 11:36 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs 2013-02-05 11:36 . 2012-12-07 11:19 55296 ----a-w- c:\windows\system32\cero.rs 2013-02-05 11:36 . 2012-12-07 10:46 55296 ----a-w- c:\windows\SysWow64\cero.rs 2013-02-05 11:26 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32 askhost.exe 2013-02-05 11:26 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-02-05 11:26 . 2013-02-05 11:26 -------- d-----w- c:\users\rosy\AppData\Local\Apps 2013-02-05 11:25 . 2013-02-05 11:37 -------- d-----w- c:\users\rosy\AppData\Local\Deployment . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-06 20:57 . 2012-06-03 22:19 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2012-06-03 09:49 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-08 21:23 . 2012-06-03 19:18 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 21:23 . 2012-06-03 19:18 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-16 17:11 . 2012-12-20 19:06 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-20 19:06 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-20 19:06 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-20 19:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 15:49 . 2012-06-03 21:30 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-02-05 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-12 15:42 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 15:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 15:42 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 15:42 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 15:42 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 15:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 15:42 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 15:42 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 15:42 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 15:42 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 15:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 15:42 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 15:42 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 15:42 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 15:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 15:42 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 15:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 15:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 15:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 15:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 15:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 15:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [2007-03-27 1021440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers susbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-03 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 686592] . . --- Altri Servizi/Drivers In Memoria --- . *Deregistered* - aswMBR . Contenuto della cartella 'Scheduled Tasks' . 2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 21:23] . 2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00] . 2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job - c:\users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 13:30] . 2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job - c:\users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 13:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://search.chatzum.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 62.101.93.101 83.103.25.250 . - - - - CHIAVI ORFANE RIMOSSE - - - - . Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file) . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Ora fine scansione: 2013-02-10 20:03:50 ComboFix-quarantined-files.txt 2013-02-10 19:03 . Pre-Run: 322.569.670.656 byte disponibili Post-Run: 321.927.094.272 byte disponibili . - - End Of File - - 07E9400EFEC54A6BB896DF715189225F ciao e grazie di nuovo
  8. ciao,grazie della tua pazienza ecco il reporter 21:47:15.0857 1868 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:47:16.0158 1868 ============================================================ 21:47:16.0158 1868 Current date / time: 2013/02/08 21:47:16.0158 21:47:16.0158 1868 SystemInfo: 21:47:16.0158 1868 21:47:16.0158 1868 OS Version: 6.1.7601 ServicePack: 1.0 21:47:16.0158 1868 Product type: Workstation 21:47:16.0158 1868 ComputerName: ROSY-PC 21:47:16.0158 1868 UserName: rosy 21:47:16.0158 1868 Windows directory: C:\Windows 21:47:16.0158 1868 System windows directory: C:\Windows 21:47:16.0158 1868 Running under WOW64 21:47:16.0158 1868 Processor architecture: Intel x64 21:47:16.0158 1868 Number of processors: 2 21:47:16.0158 1868 Page size: 0x1000 21:47:16.0158 1868 Boot type: Normal boot 21:47:16.0158 1868 ============================================================ 21:47:17.0419 1868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:47:17.0426 1868 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:47:17.0428 1868 ============================================================ 21:47:17.0428 1868 \Device\Harddisk0\DR0: 21:47:17.0428 1868 MBR partitions: 21:47:17.0428 1868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x98F67, BlocksNum 0x399257DC 21:47:17.0428 1868 \Device\Harddisk1\DR1: 21:47:17.0429 1868 MBR partitions: 21:47:17.0429 1868 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82 21:47:17.0429 1868 ============================================================ 21:47:17.0481 1868 C: <-> \Device\Harddisk0\DR0\Partition1 21:47:17.0481 1868 E: <-> \Device\Harddisk1\DR1\Partition1 21:47:17.0481 1868 ============================================================ 21:47:17.0481 1868 Initialize success 21:47:17.0481 1868 ============================================================ 21:47:19.0046 2184 ============================================================ 21:47:19.0046 2184 Scan started 21:47:19.0046 2184 Mode: Manual; 21:47:19.0046 2184 ============================================================ 21:47:19.0896 2184 ================ Scan system memory ======================== 21:47:19.0896 2184 System memory - ok 21:47:19.0896 2184 ================ Scan services ============================= 21:47:20.0029 2184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:47:20.0031 2184 1394ohci - ok 21:47:20.0097 2184 [ 6C342CE58E8F4A847E407833D6536CE3 ] A5AGU C:\Windows\system32\DRIVERS\AGUx64.sys 21:47:20.0109 2184 A5AGU - ok 21:47:20.0141 2184 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:47:20.0145 2184 ACPI - ok 21:47:20.0167 2184 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:47:20.0168 2184 AcpiPmi - ok 21:47:20.0260 2184 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:47:20.0261 2184 AdobeARMservice - ok 21:47:20.0456 2184 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:47:20.0461 2184 AdobeFlashPlayerUpdateSvc - ok 21:47:20.0504 2184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:47:20.0509 2184 adp94xx - ok 21:47:20.0534 2184 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:47:20.0537 2184 adpahci - ok 21:47:20.0551 2184 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:47:20.0554 2184 adpu320 - ok 21:47:20.0590 2184 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:47:20.0591 2184 AeLookupSvc - ok 21:47:20.0633 2184 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys 21:47:20.0634 2184 Afc - ok 21:47:20.0686 2184 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:47:20.0692 2184 AFD - ok 21:47:20.0724 2184 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:47:20.0725 2184 agp440 - ok 21:47:20.0747 2184 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:47:20.0749 2184 ALG - ok 21:47:20.0769 2184 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:47:20.0770 2184 aliide - ok 21:47:20.0808 2184 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 21:47:20.0811 2184 AMD External Events Utility - ok 21:47:20.0828 2184 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:47:20.0830 2184 amdide - ok 21:47:20.0857 2184 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:47:20.0859 2184 AmdK8 - ok 21:47:20.0877 2184 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:47:20.0879 2184 AmdPPM - ok 21:47:20.0900 2184 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:47:20.0903 2184 amdsata - ok 21:47:20.0929 2184 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:47:20.0932 2184 amdsbs - ok 21:47:20.0953 2184 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:47:20.0954 2184 amdxata - ok 21:47:21.0001 2184 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:47:21.0002 2184 AppID - ok 21:47:21.0022 2184 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:47:21.0023 2184 AppIDSvc - ok 21:47:21.0056 2184 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 21:47:21.0057 2184 Appinfo - ok 21:47:21.0117 2184 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:47:21.0119 2184 Apple Mobile Device - ok 21:47:21.0140 2184 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 21:47:21.0141 2184 arc - ok 21:47:21.0148 2184 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:47:21.0149 2184 arcsas - ok 21:47:21.0219 2184 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 21:47:21.0219 2184 aswFsBlk - ok 21:47:21.0250 2184 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 21:47:21.0251 2184 aswMonFlt - ok 21:47:21.0259 2184 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 21:47:21.0260 2184 aswRdr - ok 21:47:21.0280 2184 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 21:47:21.0285 2184 aswSnx - ok 21:47:21.0300 2184 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys 21:47:21.0302 2184 aswSP - ok 21:47:21.0328 2184 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 21:47:21.0329 2184 aswTdi - ok 21:47:21.0358 2184 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:47:21.0359 2184 AsyncMac - ok 21:47:21.0391 2184 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:47:21.0391 2184 atapi - ok 21:47:21.0520 2184 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:47:21.0598 2184 atikmdag - ok 21:47:21.0635 2184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:47:21.0639 2184 AudioEndpointBuilder - ok 21:47:21.0650 2184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:47:21.0653 2184 AudioSrv - ok 21:47:21.0738 2184 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 21:47:21.0740 2184 avast! Antivirus - ok 21:47:21.0794 2184 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:47:21.0797 2184 AxInstSV - ok 21:47:21.0817 2184 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 21:47:21.0822 2184 b06bdrv - ok 21:47:21.0863 2184 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:47:21.0867 2184 b57nd60a - ok 21:47:21.0897 2184 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:47:21.0899 2184 BDESVC - ok 21:47:21.0915 2184 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:47:21.0916 2184 Beep - ok 21:47:21.0972 2184 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:47:21.0981 2184 BFE - ok 21:47:22.0022 2184 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 21:47:22.0037 2184 BITS - ok 21:47:22.0051 2184 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:47:22.0053 2184 blbdrive - ok 21:47:22.0127 2184 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:47:22.0129 2184 Bonjour Service - ok 21:47:22.0175 2184 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:47:22.0177 2184 bowser - ok 21:47:22.0203 2184 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:47:22.0204 2184 BrFiltLo - ok 21:47:22.0216 2184 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:47:22.0217 2184 BrFiltUp - ok 21:47:22.0249 2184 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:47:22.0250 2184 Browser - ok 21:47:22.0266 2184 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:47:22.0270 2184 Brserid - ok 21:47:22.0279 2184 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:47:22.0280 2184 BrSerWdm - ok 21:47:22.0303 2184 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:47:22.0305 2184 BrUsbMdm - ok 21:47:22.0309 2184 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:47:22.0310 2184 BrUsbSer - ok 21:47:22.0316 2184 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:47:22.0318 2184 BTHMODEM - ok 21:47:22.0352 2184 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:47:22.0353 2184 bthserv - ok 21:47:22.0369 2184 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:47:22.0371 2184 cdfs - ok 21:47:22.0399 2184 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 21:47:22.0401 2184 cdrom - ok 21:47:22.0434 2184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:47:22.0436 2184 CertPropSvc - ok 21:47:22.0452 2184 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:47:22.0453 2184 circlass - ok 21:47:22.0484 2184 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:47:22.0488 2184 CLFS - ok 21:47:22.0554 2184 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:47:22.0555 2184 clr_optimization_v2.0.50727_32 - ok 21:47:22.0595 2184 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:47:22.0597 2184 clr_optimization_v2.0.50727_64 - ok 21:47:22.0672 2184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:47:22.0674 2184 clr_optimization_v4.0.30319_32 - ok 21:47:22.0697 2184 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:47:22.0699 2184 clr_optimization_v4.0.30319_64 - ok 21:47:22.0713 2184 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:47:22.0714 2184 CmBatt - ok 21:47:22.0751 2184 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:47:22.0752 2184 cmdide - ok 21:47:22.0781 2184 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 21:47:22.0786 2184 CNG - ok 21:47:22.0802 2184 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:47:22.0803 2184 Compbatt - ok 21:47:22.0816 2184 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:47:22.0818 2184 CompositeBus - ok 21:47:22.0822 2184 COMSysApp - ok 21:47:22.0839 2184 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:47:22.0840 2184 crcdisk - ok 21:47:22.0887 2184 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:47:22.0890 2184 CryptSvc - ok 21:47:22.0925 2184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:47:22.0929 2184 DcomLaunch - ok 21:47:22.0965 2184 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:47:22.0969 2184 defragsvc - ok 21:47:22.0997 2184 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:47:22.0999 2184 DfsC - ok 21:47:23.0045 2184 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:47:23.0049 2184 Dhcp - ok 21:47:23.0068 2184 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:47:23.0069 2184 discache - ok 21:47:23.0079 2184 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:47:23.0080 2184 Disk - ok 21:47:23.0114 2184 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:47:23.0117 2184 Dnscache - ok 21:47:23.0143 2184 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:47:23.0147 2184 dot3svc - ok 21:47:23.0177 2184 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:47:23.0180 2184 DPS - ok 21:47:23.0233 2184 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:47:23.0234 2184 drmkaud - ok 21:47:23.0275 2184 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:47:23.0280 2184 DXGKrnl - ok 21:47:23.0329 2184 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:47:23.0332 2184 EapHost - ok 21:47:23.0395 2184 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 21:47:23.0445 2184 ebdrv - ok 21:47:23.0494 2184 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 21:47:23.0498 2184 EFS - ok 21:47:23.0571 2184 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:47:23.0580 2184 ehRecvr - ok 21:47:23.0619 2184 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 21:47:23.0621 2184 ehSched - ok 21:47:23.0650 2184 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:47:23.0657 2184 elxstor - ok 21:47:23.0673 2184 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:47:23.0703 2184 ErrDev - ok 21:47:23.0753 2184 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:47:23.0758 2184 EventSystem - ok 21:47:23.0776 2184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:47:23.0821 2184 exfat - ok 21:47:23.0857 2184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:47:23.0860 2184 fastfat - ok 21:47:24.0030 2184 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:47:24.0040 2184 Fax - ok 21:47:24.0055 2184 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:47:24.0056 2184 fdc - ok 21:47:24.0072 2184 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:47:24.0073 2184 fdPHost - ok 21:47:24.0078 2184 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:47:24.0080 2184 FDResPub - ok 21:47:24.0085 2184 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:47:24.0087 2184 FileInfo - ok 21:47:24.0099 2184 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:47:24.0100 2184 Filetrace - ok 21:47:24.0111 2184 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:47:24.0113 2184 flpydisk - ok 21:47:24.0160 2184 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:47:24.0163 2184 FltMgr - ok 21:47:24.0205 2184 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 21:47:24.0212 2184 FontCache - ok 21:47:24.0265 2184 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:47:24.0267 2184 FontCache3.0.0.0 - ok 21:47:24.0290 2184 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:47:24.0292 2184 FsDepends - ok 21:47:24.0335 2184 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 21:47:24.0336 2184 fssfltr - ok 21:47:24.0401 2184 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 21:47:24.0416 2184 fsssvc - ok 21:47:24.0444 2184 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:47:24.0445 2184 Fs_Rec - ok 21:47:24.0533 2184 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:47:24.0536 2184 fvevol - ok 21:47:24.0554 2184 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:47:24.0556 2184 gagp30kx - ok 21:47:24.0585 2184 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:47:24.0586 2184 GEARAspiWDM - ok 21:47:24.0626 2184 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:47:24.0635 2184 gpsvc - ok 21:47:24.0715 2184 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:47:24.0717 2184 gupdate - ok 21:47:24.0741 2184 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:47:24.0743 2184 gupdatem - ok 21:47:24.0932 2184 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 21:47:24.0985 2184 gusvc - ok 21:47:25.0009 2184 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:47:25.0128 2184 hcw85cir - ok 21:47:25.0204 2184 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:47:25.0209 2184 HdAudAddService - ok 21:47:25.0252 2184 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:47:25.0254 2184 HDAudBus - ok 21:47:25.0260 2184 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:47:25.0262 2184 HidBatt - ok 21:47:25.0281 2184 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:47:25.0283 2184 HidBth - ok 21:47:25.0330 2184 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:47:25.0332 2184 HidIr - ok 21:47:25.0363 2184 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:47:25.0366 2184 hidserv - ok 21:47:25.0375 2184 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:47:25.0377 2184 HidUsb - ok 21:47:25.0405 2184 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:47:25.0409 2184 hkmsvc - ok 21:47:25.0468 2184 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:47:25.0471 2184 HomeGroupListener - ok 21:47:25.0508 2184 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:47:25.0512 2184 HomeGroupProvider - ok 21:47:25.0548 2184 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:47:25.0549 2184 HpSAMD - ok 21:47:25.0598 2184 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:47:25.0606 2184 HTTP - ok 21:47:25.0638 2184 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:47:25.0638 2184 hwpolicy - ok 21:47:25.0655 2184 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:47:25.0656 2184 i8042prt - ok 21:47:25.0695 2184 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:47:25.0700 2184 iaStorV - ok 21:47:25.0745 2184 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:47:25.0756 2184 idsvc - ok 21:47:25.0773 2184 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:47:25.0775 2184 iirsp - ok 21:47:25.0832 2184 [ A06EFD4965F8A3F97A8C9A291D032678 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 21:47:25.0833 2184 IJPLMSVC - ok 21:47:25.0864 2184 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:47:25.0876 2184 IKEEXT - ok 21:47:25.0894 2184 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:47:25.0895 2184 intelide - ok 21:47:25.0907 2184 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:47:25.0908 2184 intelppm - ok 21:47:25.0934 2184 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:47:25.0937 2184 IPBusEnum - ok 21:47:25.0965 2184 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:47:25.0966 2184 IpFilterDriver - ok 21:47:26.0004 2184 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:47:26.0011 2184 iphlpsvc - ok 21:47:26.0029 2184 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:47:26.0031 2184 IPMIDRV - ok 21:47:26.0046 2184 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:47:26.0048 2184 IPNAT - ok 21:47:26.0121 2184 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:47:26.0133 2184 iPod Service - ok 21:47:26.0163 2184 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:47:26.0164 2184 IRENUM - ok 21:47:26.0179 2184 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:47:26.0220 2184 isapnp - ok 21:47:26.0269 2184 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:47:26.0280 2184 iScsiPrt - ok 21:47:26.0341 2184 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:47:26.0342 2184 kbdclass - ok 21:47:26.0376 2184 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:47:26.0378 2184 kbdhid - ok 21:47:26.0387 2184 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:47:26.0390 2184 KeyIso - ok 21:47:26.0421 2184 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:47:26.0423 2184 KSecDD - ok 21:47:26.0471 2184 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:47:26.0474 2184 KSecPkg - ok 21:47:26.0492 2184 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:47:26.0494 2184 ksthunk - ok 21:47:26.0531 2184 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:47:26.0540 2184 KtmRm - ok 21:47:26.0598 2184 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys 21:47:26.0599 2184 L1E - ok 21:47:26.0630 2184 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:47:26.0635 2184 LanmanServer - ok 21:47:26.0666 2184 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:47:26.0671 2184 LanmanWorkstation - ok 21:47:26.0703 2184 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:47:26.0705 2184 lltdio - ok 21:47:26.0722 2184 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:47:26.0727 2184 lltdsvc - ok 21:47:26.0744 2184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:47:26.0746 2184 lmhosts - ok 21:47:26.0781 2184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:47:26.0783 2184 LSI_FC - ok 21:47:26.0788 2184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:47:26.0790 2184 LSI_SAS - ok 21:47:26.0795 2184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:47:26.0796 2184 LSI_SAS2 - ok 21:47:26.0815 2184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:47:26.0817 2184 LSI_SCSI - ok 21:47:26.0822 2184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:47:26.0825 2184 luafv - ok 21:47:26.0867 2184 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys 21:47:26.0869 2184 MarvinBus - ok 21:47:26.0898 2184 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:47:26.0901 2184 Mcx2Svc - ok 21:47:26.0922 2184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:47:26.0924 2184 megasas - ok 21:47:26.0941 2184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:47:26.0944 2184 MegaSR - ok 21:47:27.0012 2184 Microsoft SharePoint Workspace Audit Service - ok 21:47:27.0058 2184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:47:27.0061 2184 MMCSS - ok 21:47:27.0067 2184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:47:27.0069 2184 Modem - ok 21:47:27.0074 2184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:47:27.0075 2184 monitor - ok 21:47:27.0110 2184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:47:27.0111 2184 mouclass - ok 21:47:27.0140 2184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:47:27.0142 2184 mouhid - ok 21:47:27.0171 2184 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:47:27.0173 2184 mountmgr - ok 21:47:27.0203 2184 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:47:27.0205 2184 mpio - ok 21:47:27.0211 2184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:47:27.0213 2184 mpsdrv - ok 21:47:27.0247 2184 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:47:27.0256 2184 MpsSvc - ok 21:47:27.0289 2184 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:47:27.0292 2184 MRxDAV - ok 21:47:27.0322 2184 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:47:27.0325 2184 mrxsmb - ok 21:47:27.0337 2184 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:47:27.0341 2184 mrxsmb10 - ok 21:47:27.0365 2184 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:47:27.0367 2184 mrxsmb20 - ok 21:47:27.0380 2184 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:47:27.0381 2184 msahci - ok 21:47:27.0397 2184 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:47:27.0399 2184 msdsm - ok 21:47:27.0419 2184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:47:27.0422 2184 MSDTC - ok 21:47:27.0431 2184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:47:27.0432 2184 Msfs - ok 21:47:27.0450 2184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:47:27.0451 2184 mshidkmdf - ok 21:47:27.0486 2184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:47:27.0487 2184 msisadrv - ok 21:47:27.0519 2184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:47:27.0523 2184 MSiSCSI - ok 21:47:27.0527 2184 msiserver - ok 21:47:27.0555 2184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:47:27.0556 2184 MSKSSRV - ok 21:47:27.0586 2184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:47:27.0587 2184 MSPCLOCK - ok 21:47:27.0600 2184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:47:27.0601 2184 MSPQM - ok 21:47:27.0639 2184 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:47:27.0643 2184 MsRPC - ok 21:47:27.0669 2184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:47:27.0670 2184 mssmbios - ok 21:47:27.0690 2184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:47:27.0691 2184 MSTEE - ok 21:47:27.0707 2184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:47:27.0708 2184 MTConfig - ok 21:47:27.0761 2184 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 21:47:27.0762 2184 MTsensor - ok 21:47:27.0780 2184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:47:27.0781 2184 Mup - ok 21:47:27.0820 2184 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:47:27.0827 2184 napagent - ok 21:47:27.0845 2184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:47:27.0849 2184 NativeWifiP - ok 21:47:27.0890 2184 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:47:27.0899 2184 NDIS - ok 21:47:27.0932 2184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:47:27.0933 2184 NdisCap - ok 21:47:27.0952 2184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:47:27.0954 2184 NdisTapi - ok 21:47:27.0990 2184 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:47:27.0992 2184 Ndisuio - ok 21:47:28.0019 2184 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:47:28.0022 2184 NdisWan - ok 21:47:28.0049 2184 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:47:28.0051 2184 NDProxy - ok 21:47:28.0168 2184 [ 6D4028D458EAAA1782099750790DC8C9 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe 21:47:28.0176 2184 Nero BackItUp Scheduler 3 - ok 21:47:28.0183 2184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:47:28.0185 2184 NetBIOS - ok 21:47:28.0233 2184 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:47:28.0236 2184 NetBT - ok 21:47:28.0245 2184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:47:28.0248 2184 Netlogon - ok 21:47:28.0297 2184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:47:28.0305 2184 Netman - ok 21:47:28.0317 2184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:47:28.0325 2184 netprofm - ok 21:47:28.0348 2184 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:47:28.0350 2184 NetTcpPortSharing - ok 21:47:28.0385 2184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:47:28.0386 2184 nfrd960 - ok 21:47:28.0417 2184 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:47:28.0421 2184 NlaSvc - ok 21:47:28.0528 2184 [ 1BEF5464C06F4AF0C704378824C52ADB ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe 21:47:28.0534 2184 NMIndexingService - ok 21:47:28.0539 2184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:47:28.0541 2184 Npfs - ok 21:47:28.0567 2184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:47:28.0570 2184 nsi - ok 21:47:28.0575 2184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:47:28.0577 2184 nsiproxy - ok 21:47:28.0636 2184 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:47:28.0661 2184 Ntfs - ok 21:47:28.0686 2184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:47:28.0687 2184 Null - ok 21:47:28.0721 2184 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:47:28.0724 2184 nvraid - ok 21:47:28.0744 2184 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:47:28.0748 2184 nvstor - ok 21:47:28.0773 2184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:47:28.0776 2184 nv_agp - ok 21:47:28.0803 2184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:47:28.0804 2184 ohci1394 - ok 21:47:28.0831 2184 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:47:28.0833 2184 ose - ok 21:47:28.0964 2184 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:47:29.0045 2184 osppsvc - ok 21:47:29.0078 2184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:47:29.0082 2184 p2pimsvc - ok 21:47:29.0095 2184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:47:29.0099 2184 p2psvc - ok 21:47:29.0143 2184 [ E55FDEDB0AC89B41970AAE0F44FC2DCA ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS 21:47:29.0152 2184 PAC207 - ok 21:47:29.0185 2184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:47:29.0188 2184 Parport - ok 21:47:29.0220 2184 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:47:29.0222 2184 partmgr - ok 21:47:29.0231 2184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:47:29.0237 2184 PcaSvc - ok 21:47:29.0254 2184 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:47:29.0257 2184 pci - ok 21:47:29.0282 2184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:47:29.0283 2184 pciide - ok 21:47:29.0297 2184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:47:29.0300 2184 pcmcia - ok 21:47:29.0304 2184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:47:29.0305 2184 pcw - ok 21:47:29.0331 2184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:47:29.0338 2184 PEAUTH - ok 21:47:29.0414 2184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:47:29.0417 2184 PerfHost - ok 21:47:29.0485 2184 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:47:29.0517 2184 pla - ok 21:47:29.0564 2184 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:47:29.0572 2184 PlugPlay - ok 21:47:29.0585 2184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:47:29.0590 2184 PNRPAutoReg - ok 21:47:29.0612 2184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:47:29.0618 2184 PNRPsvc - ok 21:47:29.0640 2184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:47:29.0648 2184 PolicyAgent - ok 21:47:29.0681 2184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:47:29.0688 2184 Power - ok 21:47:29.0730 2184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:47:29.0732 2184 PptpMiniport - ok 21:47:29.0759 2184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:47:29.0761 2184 Processor - ok 21:47:29.0812 2184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:47:29.0818 2184 ProfSvc - ok 21:47:29.0828 2184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:47:29.0831 2184 ProtectedStorage - ok 21:47:29.0878 2184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:47:29.0881 2184 Psched - ok 21:47:29.0932 2184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:47:29.0963 2184 ql2300 - ok 21:47:29.0969 2184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:47:29.0971 2184 ql40xx - ok 21:47:30.0008 2184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:47:30.0013 2184 QWAVE - ok 21:47:30.0023 2184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:47:30.0024 2184 QWAVEdrv - ok 21:47:30.0041 2184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:47:30.0042 2184 RasAcd - ok 21:47:30.0091 2184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:47:30.0093 2184 RasAgileVpn - ok 21:47:30.0105 2184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:47:30.0109 2184 RasAuto - ok 21:47:30.0138 2184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:47:30.0140 2184 Rasl2tp - ok 21:47:30.0172 2184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:47:30.0180 2184 RasMan - ok 21:47:30.0198 2184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:47:30.0200 2184 RasPppoe - ok 21:47:30.0231 2184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:47:30.0234 2184 RasSstp - ok 21:47:30.0267 2184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:47:30.0271 2184 rdbss - ok 21:47:30.0294 2184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:47:30.0296 2184 rdpbus - ok 21:47:30.0314 2184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:47:30.0315 2184 RDPCDD - ok 21:47:30.0327 2184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:47:30.0328 2184 RDPENCDD - ok 21:47:30.0352 2184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:47:30.0353 2184 RDPREFMP - ok 21:47:30.0389 2184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:47:30.0392 2184 RDPWD - ok 21:47:30.0430 2184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:47:30.0433 2184 rdyboost - ok 21:47:30.0463 2184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:47:30.0476 2184 RemoteAccess - ok 21:47:30.0605 2184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:47:30.0638 2184 RemoteRegistry - ok 21:47:30.0717 2184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:47:30.0743 2184 RpcEptMapper - ok 21:47:30.0771 2184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:47:30.0774 2184 RpcLocator - ok 21:47:30.0809 2184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:47:30.0818 2184 RpcSs - ok 21:47:30.0826 2184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:47:30.0829 2184 rspndr - ok 21:47:30.0845 2184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:47:30.0847 2184 SamSs - ok 21:47:30.0880 2184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:47:30.0881 2184 sbp2port - ok 21:47:30.0932 2184 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 21:47:30.0938 2184 SBSDWSCService - ok 21:47:30.0976 2184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:47:30.0982 2184 SCardSvr - ok 21:47:31.0011 2184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:47:31.0013 2184 scfilter - ok 21:47:31.0060 2184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:47:31.0073 2184 Schedule - ok 21:47:31.0101 2184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:47:31.0102 2184 SCPolicySvc - ok 21:47:31.0128 2184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:47:31.0133 2184 SDRSVC - ok 21:47:31.0148 2184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:47:31.0149 2184 secdrv - ok 21:47:31.0183 2184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:47:31.0221 2184 seclogon - ok 21:47:31.0229 2184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:47:31.0232 2184 SENS - ok 21:47:31.0242 2184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:47:31.0245 2184 SensrSvc - ok 21:47:31.0281 2184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:47:31.0282 2184 Serenum - ok 21:47:31.0301 2184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:47:31.0303 2184 Serial - ok 21:47:31.0323 2184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:47:31.0324 2184 sermouse - ok 21:47:31.0359 2184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:47:31.0363 2184 SessionEnv - ok 21:47:31.0385 2184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:47:31.0387 2184 sffdisk - ok 21:47:31.0394 2184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:47:31.0396 2184 sffp_mmc - ok 21:47:31.0409 2184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:47:31.0410 2184 sffp_sd - ok 21:47:31.0430 2184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:47:31.0432 2184 sfloppy - ok 21:47:31.0468 2184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:47:31.0477 2184 SharedAccess - ok 21:47:31.0506 2184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:47:31.0512 2184 ShellHWDetection - ok 21:47:31.0528 2184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:47:31.0530 2184 SiSRaid2 - ok 21:47:31.0535 2184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:47:31.0536 2184 SiSRaid4 - ok 21:47:31.0547 2184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:47:31.0549 2184 Smb - ok 21:47:31.0578 2184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:47:31.0582 2184 SNMPTRAP - ok 21:47:31.0586 2184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:47:31.0587 2184 spldr - ok 21:47:31.0629 2184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:47:31.0635 2184 Spooler - ok 21:47:31.0712 2184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:47:31.0774 2184 sppsvc - ok 21:47:31.0791 2184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:47:31.0795 2184 sppuinotify - ok 21:47:31.0833 2184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:47:31.0838 2184 srv - ok 21:47:31.0855 2184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:47:31.0859 2184 srv2 - ok 21:47:31.0892 2184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:47:31.0894 2184 srvnet - ok 21:47:31.0932 2184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:47:31.0939 2184 SSDPSRV - ok 21:47:31.0946 2184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:47:31.0952 2184 SstpSvc - ok 21:47:31.0973 2184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:47:31.0974 2184 stexstor - ok 21:47:32.0014 2184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:47:32.0023 2184 stisvc - ok 21:47:32.0052 2184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 21:47:32.0052 2184 swenum - ok 21:47:32.0087 2184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:47:32.0095 2184 swprv - ok 21:47:32.0145 2184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:47:32.0179 2184 SysMain - ok 21:47:32.0206 2184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:47:32.0210 2184 TabletInputService - ok 21:47:32.0240 2184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:47:32.0246 2184 TapiSrv - ok 21:47:32.0278 2184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:47:32.0281 2184 TBS - ok 21:47:32.0338 2184 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:47:32.0360 2184 Tcpip - ok 21:47:32.0416 2184 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:47:32.0425 2184 TCPIP6 - ok 21:47:32.0456 2184 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:47:32.0469 2184 tcpipreg - ok 21:47:32.0489 2184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:47:32.0490 2184 TDPIPE - ok 21:47:32.0513 2184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:47:32.0514 2184 TDTCP - ok 21:47:32.0560 2184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:47:32.0563 2184 tdx - ok 21:47:32.0573 2184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:47:32.0575 2184 TermDD - ok 21:47:32.0607 2184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:47:32.0617 2184 TermService - ok 21:47:32.0637 2184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:47:32.0640 2184 Themes - ok 21:47:32.0665 2184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:47:32.0668 2184 THREADORDER - ok 21:47:32.0686 2184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:47:32.0691 2184 TrkWks - ok 21:47:32.0745 2184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:47:32.0748 2184 TrustedInstaller - ok 21:47:32.0785 2184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:47:32.0786 2184 tssecsrv - ok 21:47:32.0828 2184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:47:32.0830 2184 TsUsbFlt - ok 21:47:32.0888 2184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:47:32.0890 2184 tunnel - ok 21:47:32.0913 2184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:47:32.0915 2184 uagp35 - ok 21:47:32.0952 2184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:47:32.0957 2184 udfs - ok 21:47:32.0985 2184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:47:32.0989 2184 UI0Detect - ok 21:47:33.0012 2184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:47:33.0014 2184 uliagpkx - ok 21:47:33.0063 2184 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 21:47:33.0064 2184 umbus - ok 21:47:33.0084 2184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:47:33.0086 2184 UmPass - ok 21:47:33.0122 2184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:47:33.0129 2184 upnphost - ok 21:47:33.0173 2184 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 21:47:33.0174 2184 USBAAPL64 - ok 21:47:33.0225 2184 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 21:47:33.0227 2184 usbaudio - ok 21:47:33.0252 2184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:47:33.0254 2184 usbccgp - ok 21:47:33.0292 2184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:47:33.0294 2184 usbcir - ok 21:47:33.0299 2184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:47:33.0301 2184 usbehci - ok 21:47:33.0325 2184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:47:33.0329 2184 usbhub - ok 21:47:33.0350 2184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:47:33.0351 2184 usbohci - ok 21:47:33.0379 2184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:47:33.0380 2184 usbprint - ok 21:47:33.0406 2184 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:47:33.0407 2184 usbscan - ok 21:47:33.0442 2184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:47:33.0444 2184 USBSTOR - ok 21:47:33.0450 2184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 21:47:33.0452 2184 usbuhci - ok 21:47:33.0466 2184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:47:33.0472 2184 UxSms - ok 21:47:33.0486 2184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:47:33.0488 2184 VaultSvc - ok 21:47:33.0500 2184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:47:33.0501 2184 vdrvroot - ok 21:47:33.0538 2184 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:47:33.0546 2184 vds - ok 21:47:33.0563 2184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:47:33.0564 2184 vga - ok 21:47:33.0583 2184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:47:33.0585 2184 VgaSave - ok 21:47:33.0606 2184 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:47:33.0609 2184 vhdmp - ok 21:47:33.0635 2184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:47:33.0636 2184 viaide - ok 21:47:33.0657 2184 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:47:33.0658 2184 volmgr - ok 21:47:33.0698 2184 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:47:33.0703 2184 volmgrx - ok 21:47:33.0720 2184 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:47:33.0725 2184 volsnap - ok 21:47:33.0757 2184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:47:33.0760 2184 vsmraid - ok 21:47:33.0808 2184 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:47:33.0832 2184 VSS - ok 21:47:33.0861 2184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 21:47:33.0862 2184 vwifibus - ok 21:47:33.0884 2184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:47:33.0892 2184 W32Time - ok 21:47:33.0910 2184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:47:33.0912 2184 WacomPen - ok 21:47:33.0945 2184 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:47:33.0947 2184 WANARP - ok 21:47:33.0961 2184 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:47:33.0963 2184 Wanarpv6 - ok 21:47:34.0035 2184 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 21:47:34.0057 2184 WatAdminSvc - ok 21:47:34.0104 2184 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:47:34.0129 2184 wbengine - ok 21:47:34.0147 2184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:47:34.0154 2184 WbioSrvc - ok 21:47:34.0185 2184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:47:34.0193 2184 wcncsvc - ok 21:47:34.0210 2184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:47:34.0215 2184 WcsPlugInService - ok 21:47:34.0231 2184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:47:34.0232 2184 Wd - ok 21:47:34.0277 2184 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:47:34.0286 2184 Wdf01000 - ok 21:47:34.0304 2184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:47:34.0308 2184 WdiServiceHost - ok 21:47:34.0312 2184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:47:34.0316 2184 WdiSystemHost - ok 21:47:34.0352 2184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:47:34.0358 2184 WebClient - ok 21:47:34.0376 2184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:47:34.0381 2184 Wecsvc - ok 21:47:34.0387 2184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:47:34.0390 2184 wercplsupport - ok 21:47:34.0421 2184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:47:34.0425 2184 WerSvc - ok 21:47:34.0460 2184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:47:34.0473 2184 WfpLwf - ok 21:47:34.0477 2184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:47:34.0479 2184 WIMMount - ok 21:47:34.0494 2184 WinDefend - ok 21:47:34.0499 2184 WinHttpAutoProxySvc - ok 21:47:34.0675 2184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:47:34.0679 2184 Winmgmt - ok 21:47:34.0738 2184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:47:34.0782 2184 WinRM - ok 21:47:34.0842 2184 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:47:34.0844 2184 WinUsb - ok 21:47:34.0878 2184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:47:34.0893 2184 Wlansvc - ok 21:47:34.0953 2184 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 21:47:34.0955 2184 wlcrasvc - ok 21:47:35.0048 2184 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:47:35.0073 2184 wlidsvc - ok 21:47:35.0096 2184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:47:35.0097 2184 WmiAcpi - ok 21:47:35.0130 2184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:47:35.0133 2184 wmiApSrv - ok 21:47:35.0162 2184 WMPNetworkSvc - ok 21:47:35.0183 2184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:47:35.0187 2184 WPCSvc - ok 21:47:35.0208 2184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:47:35.0213 2184 WPDBusEnum - ok 21:47:35.0245 2184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:47:35.0246 2184 ws2ifsl - ok 21:47:35.0257 2184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:47:35.0261 2184 wscsvc - ok 21:47:35.0267 2184 WSearch - ok 21:47:35.0331 2184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:47:35.0345 2184 wuauserv - ok 21:47:35.0377 2184 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:47:35.0379 2184 WudfPf - ok 21:47:35.0419 2184 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:47:35.0422 2184 WUDFRd - ok 21:47:35.0455 2184 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:47:35.0463 2184 wudfsvc - ok 21:47:35.0488 2184 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:47:35.0493 2184 WwanSvc - ok 21:47:35.0500 2184 ================ Scan global =============================== 21:47:35.0525 2184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:47:35.0554 2184 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 21:47:35.0564 2184 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 21:47:35.0589 2184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:47:35.0623 2184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:47:35.0627 2184 [Global] - ok 21:47:35.0628 2184 ================ Scan MBR ================================== 21:47:35.0636 2184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:47:35.0822 2184 \Device\Harddisk0\DR0 - ok 21:47:35.0827 2184 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 21:47:35.0832 2184 \Device\Harddisk1\DR1 - ok 21:47:35.0832 2184 ================ Scan VBR ================================== 21:47:35.0843 2184 [ B779E78B4DD229FA1F00B344CC124EDD ] \Device\Harddisk0\DR0\Partition1 21:47:35.0845 2184 \Device\Harddisk0\DR0\Partition1 - ok 21:47:35.0852 2184 [ 155D46ECE667BC85E06FA839493C2D02 ] \Device\Harddisk1\DR1\Partition1 21:47:35.0853 2184 \Device\Harddisk1\DR1\Partition1 - ok 21:47:35.0854 2184 ============================================================ 21:47:35.0854 2184 Scan finished 21:47:35.0854 2184 ============================================================ 21:47:35.0865 3120 Detected object count: 0 21:47:35.0865 3120 Actual detected object count: 0
  9. kaspersky,mi fa la scansione apro report lo evidenzio,ma nn mi apre per copiarlo e incollarlo
  10. kaspersky,mi fa la scansione apro report lo evidenzio,ma nn mi apre per copiarlo e incollarlo
  11. OTL Extras logfile created on: 07/02/2013 19:21:24 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rosy\Desktop\Nuova cartella (3) 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,70% Memory free 8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 460,57 Gb Total Space | 297,95 Gb Free Space | 64,69% Space Free | Partition Type: NTFS Computer Name: ROSY-PC | User Name: rosy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00987A1D-F2B9-4212-A7EA-7C59E34381D2}" = rport=137 | protocol=17 | dir=out | app=system | "{11B11611-AB5E-42B2-B018-BBC8F52C04EF}" = lport=137 | protocol=17 | dir=in | app=system | "{173869AE-F34A-42AA-A5BD-B1F8A5903E14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{239B79BF-F170-4CDB-A287-C342F55ADFD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{28510F5B-5700-4BFE-97DB-FD0ADEEE2EC1}" = lport=2869 | protocol=6 | dir=in | app=system | "{3D22AA8E-6CFE-4DE3-8B4D-C2CE0AE87EC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{41E58A06-9030-48E2-9FBF-31CF90F5C5A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{50241922-65E7-43C8-9BE1-99E24878CD56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{51086DFF-25C3-441C-9DC5-5E040FE4905A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52D41B75-99CD-4550-80B0-7F4D4496CAAA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5560FB7A-F7D5-4073-99ED-4F58646D0E07}" = lport=138 | protocol=17 | dir=in | app=system | "{57B0AED4-2D1D-4532-8E5D-0D3C0C74D7CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6A3DF1E8-8471-4ED2-98D9-215327426FC1}" = rport=10243 | protocol=6 | dir=out | app=system | "{8353CF3E-6777-40BE-B7C6-8C1D5CA17AF3}" = rport=139 | protocol=6 | dir=out | app=system | "{83A7E89A-4433-4DB4-8F69-5F49589D2867}" = rport=138 | protocol=17 | dir=out | app=system | "{8C106072-18F2-47B9-92A7-E5DA7F9AF661}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8D4DDC3A-E9D0-4337-8AE4-80CB04BB13BE}" = rport=445 | protocol=6 | dir=out | app=system | "{B8B1498B-CAD0-44A6-97C5-0F39F1AA0566}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BFC06245-DD0C-43B2-81BF-51854A118633}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CCEDC339-CA4B-4F70-AAAE-26F0C5B0A276}" = lport=10243 | protocol=6 | dir=in | app=system | "{D04F81C3-378C-4FC2-9DE8-612FE4FAA694}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D06CC6E0-9B87-4665-999B-0660202A0C15}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E5523EE0-9F9D-44A4-B22B-E6BF5DEF70FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F1F2B72D-9F1E-4F0D-BCF8-96BB6E75ACDC}" = lport=139 | protocol=6 | dir=in | app=system | "{FA7713DE-94F0-4BAD-8533-BE8E46F528F4}" = lport=445 | protocol=6 | dir=in | app=system | "{FBB8F19E-587B-463D-8D28-74EBA55A7EC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04CA1146-7E2C-4CCF-B6F3-E6D28C89817A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{107166A5-0D12-49BD-8D41-752909CE1D40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{178367A2-ABB3-4BD7-9DE0-89AD044354C0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{193E11E3-2850-4B14-A2EE-B4E334A9543E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{19F9B202-0A66-4979-A63E-22C225CABA65}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1EBECBDD-4C49-41FD-AC2C-38A22652FE42}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{232EA409-FEAD-4CC4-89D2-5C74D9D9FC40}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{268688FF-3C02-4FFE-B2BD-487588ABDDBE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{334FB308-84FC-481D-BBEE-C16F951351C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | "{40259BD7-B33D-467B-B4E5-FCA1A98F5702}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{42F03ADC-B2BD-4463-BC70-E8795A62A3D0}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{44D3D219-F7FE-4F25-86C2-13AF95D45620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{472656CA-995D-4C7C-B87A-04BB2786F0E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B5E8424-F391-4BA1-B902-A958CD84A4FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{55D65A18-A33F-4FDD-BA92-C3AB3815EDDB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{56E1631F-2183-4B40-A703-A60BE73E18C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{5C94A239-D6CC-41AE-A544-54D91C5934B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61E4D5CB-9E9A-40D9-B61F-D67EB4930662}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{644B132A-2C2D-4852-934E-880E4A503886}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{65D455DB-B372-473F-A415-02E9F80F1897}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6692C513-D647-4BE2-BBEC-1EE1C0FBDE16}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{6A010C39-BAD7-486C-B094-B941467D0F87}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{6EAF2337-6FDC-45DA-B89E-3A13A9D4C9D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{6FF4E6C5-72E9-4E53-BAC9-5B1EE8263D0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{74DEF11D-0118-47EB-A7D3-D0015FDB082D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{76EF8674-36BC-4FCB-A6A5-945F761C2BF9}" = protocol=6 | dir=out | app=system | "{79BF850C-03BE-4FE3-8972-FA9BC38CDC43}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{85F1D703-BDDE-41D9-BB81-53844F7A3EDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8E9CE987-9CFC-4D13-9C32-3B0D4E02C695}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | "{96A51768-055B-4B6D-866B-18CDC4D96265}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9AAA2DAB-1697-4FE5-B5FB-FED971EB36C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A94E449D-92FA-4C79-BE01-981AD3ED3F1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ABAF8444-49B7-46BF-A821-092390DE1439}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | "{B698761C-990B-4A9C-A63F-3FBA74CFF084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BBECCB51-EC31-41DA-A3B0-362CE2E62122}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CDED2C8B-4659-4534-AC1A-B851A7195DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{CECD6B9A-961F-4EF9-BDA3-0F283EE18682}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{CF8E4E6C-EE06-4658-A261-A7C83A33FA7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D511BC8E-7584-4E88-804A-CB37A63E730D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D6151435-FAC1-4D48-AE0D-912CF88B3F55}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | "{D69E509B-23DC-4CEB-9725-1ACECCD9D000}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D730F676-5F4A-42DB-AB45-796B693C8C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DFDB77F6-2DA8-4701-9BC1-494597C36823}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{E0357592-5A71-4B62-9F67-33E23B8523C9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | "{EF3880DA-17FC-445D-BE88-8B5577FC4E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | "{F1558242-D8BF-49F3-9A38-0FF32892B989}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F2E76BEC-B9F9-4AA1-9CCD-407DCC304011}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{F6A17C7A-0EFF-44AC-8983-A9830E239D4F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "TCP Query User{13E1A081-7F3D-482C-BBDA-84E2C4BB0D83}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{77048C63-3CDD-40DB-B576-F8623CA15E83}C:\program files (x86)\emule adunanza\emule_adnza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule adunanza\emule_adnza.exe | "TCP Query User{950AD9B1-371E-4A5F-B52A-DA8548A9DD43}C:\program files (x86)\emule adunanza\emule_adnza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule adunanza\emule_adnza.exe | "TCP Query User{B1E41993-2225-4FA5-9D36-C9B2F39A7E89}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{E6A1EB7E-EDF5-40F7-B7B6-20354C538551}C:\users\rosy\desktop\utorrent-3.0-latest.x64.exe" = protocol=6 | dir=in | app=c:\users\rosy\desktop\utorrent-3.0-latest.x64.exe | "TCP Query User{FEBD59D9-BEC6-4FDC-8681-6FF0596758B5}C:\users\rosy\desktop\utorrent-3.0-latest.x64.exe" = protocol=6 | dir=in | app=c:\users\rosy\desktop\utorrent-3.0-latest.x64.exe | "UDP Query User{1189D3C9-EE2D-44E7-91D4-2D2251899DD8}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{1E759DA0-2EEE-4923-84F5-783ADBC9DF55}C:\users\rosy\desktop\utorrent-3.0-latest.x64.exe" = protocol=17 | dir=in | app=c:\users\rosy\desktop\utorrent-3.0-latest.x64.exe | "UDP Query User{4E90BF9A-1A85-4681-A6C0-A1EBB4B2BB47}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{5EDD27D6-E02C-40F8-AB59-7111E31204BF}C:\users\rosy\desktop\utorrent-3.0-latest.x64.exe" = protocol=17 | dir=in | app=c:\users\rosy\desktop\utorrent-3.0-latest.x64.exe | "UDP Query User{AFE9F1D2-A183-4557-BDEB-76D8176465DE}C:\program files (x86)\emule adunanza\emule_adnza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule adunanza\emule_adnza.exe | "UDP Query User{B4D379BB-4C5C-40E0-945E-25CCEB771D2C}C:\program files (x86)\emule adunanza\emule_adnza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule adunanza\emule_adnza.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Driver Pinnacle Video "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "8461-7759-5462-8226" = Vuze "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) "uTorrent" = µTorrent "WinRAR archiver" = WinRAR 4.11 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06925CEE-763F-4F0D-A40E-5FD383886055}" = Alice G-132 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2FEC5714-F642-4258-8336-E596A1494860}" = Messenger Plus! Community Smartbar "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5E6EC4DD-7B1F-4E10-82B9-EA1B90791040}" = Nero 8 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Supporto applicazioni Apple "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010 "{90140000-0015-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010 "{90140000-0016-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010 "{90140000-0018-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010 "{90140000-0019-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010 "{90140000-001A-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010 "{90140000-001B-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0410-1000-0000000FF1CE}_Office14.PROPLUS_{6664EABC-4985-4C45-925C-6E23AB142266}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010 "{90140000-002C-0410-0000-0000000FF1CE}_Office14.PROPLUS_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2010 "{90140000-0044-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010 "{90140000-006E-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010 "{90140000-00A1-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2010 "{90140000-00BA-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-007A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1040-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Italiano "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3 "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Ashampoo Music Studio 3_is1" = Ashampoo Music Studio 3 3.51 "avast" = avast! Free Antivirus "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "DivX Setup" = DivX Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "eMule AdunanzA" = AdunanzA "FormatFactory" = FormatFactory 2.70 "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "InstallShield_{06925CEE-763F-4F0D-A40E-5FD383886055}" = Alice G-132 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100 "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "MyComposer_is1" = PhotoSì MyComposer 5.0 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 12.00.1467" = Opera 12.00 "PARLA SUBITO! INGLESE BASE" = PARLA SUBITO! INGLESE BASE "Picasa 3" = Picasa 3 "Registrazione utente Canon MP270 series" = Registrazione utente Canon MP270 series "TimeLineRemove_is1" = TimeLineRemove "VLC media player" = VLC media player 2.0.2 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02/02/2013 14:41:58 | Computer Name = rosy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02/02/2013 14:41:58 | Computer Name = rosy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 182927 Error - 02/02/2013 14:41:58 | Computer Name = rosy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 182927 Error - 03/02/2013 09:02:08 | Computer Name = rosy-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04/02/2013 13:55:48 | Computer Name = rosy-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 05/02/2013 07:28:06 | Computer Name = rosy-PC | Source = Application Hang | ID = 1002 Description = Il programma SoftwareUpdate.exe versione 2.1.3.127 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo. ID processo: a44 Ora di avvio: 01ce0392c1f58ed9 Ora di chiusura: 15 Percorso applicazione: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe ID segnalazione: 0df4e17e-6f87-11e2-951a-0026185abb47 Error - 06/02/2013 17:10:25 | Computer Name = rosy-PC | Source = Application Hang | ID = 1002 Description = Il programma OTL.exe versione 3.2.69.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo. ID processo: ec4 Ora di avvio: 01ce04ad95dda010 Ora di chiusura: 0 Percorso applicazione: C:\Users\rosy\Desktop\OTL.exe ID segnalazione: 8c28f2ae-70a1-11e2-8c1f-0026185abb47 Error - 06/02/2013 17:25:32 | Computer Name = rosy-PC | Source = Application Hang | ID = 1002 Description = Il programma OTL.exe versione 3.2.69.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo. ID processo: 9ac Ora di avvio: 01ce04ae6639cf06 Ora di chiusura: 6 Percorso applicazione: C:\Users\rosy\Desktop\OTL.exe ID segnalazione: Error - 06/02/2013 17:44:10 | Computer Name = rosy-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06/02/2013 17:44:36 | Computer Name = rosy-PC | Source = Application Error | ID = 1000 Description = Nome dell'applicazione che ha generato l'errore: aswMBR.exe, versione: 0.9.9.1707, timestamp: 0x509be8bf Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.17725, timestamp: 0x4ec49b8f Codice eccezione: 0xc0000005 Offset errore 0x0002e3be ID processo che ha generato l'errore: 0xe08 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce04b2ca5664d1 Percorso dell'applicazione che ha generato l'errore: C:\Users\rosy\Desktop\aswMBR.exe Percorso del modulo che ha generato l'errore: C:\Windows\SysWOW64\ntdll.dll ID segnalazione: 664e526b-70a6-11e2-8c1f-0026185abb47 Error - 07/02/2013 09:56:29 | Computer Name = rosy-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = [ System Events ] Error - 20/11/2012 07:10:23 | Computer Name = rosy-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 20/11/2012 07:10:23 | Computer Name = rosy-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 20/11/2012 15:38:14 | Computer Name = rosy-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 20/11/2012 15:38:14 | Computer Name = rosy-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 20/11/2012 15:38:30 | Computer Name = rosy-PC | Source = Disk | ID = 262155 Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR1. Error - 20/11/2012 15:38:30 | Computer Name = rosy-PC | Source = Disk | ID = 262155 Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR1. Error - 21/11/2012 08:44:17 | Computer Name = rosy-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21/11/2012 08:44:17 | Computer Name = rosy-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 21/11/2012 12:38:49 | Computer Name = rosy-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21/11/2012 12:38:49 | Computer Name = rosy-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report >
  12. riuscita OTL logfile created on: 07/02/2013 19:21:24 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rosy\Desktop\Nuova cartella (3) 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,70% Memory free 8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 460,57 Gb Total Space | 297,95 Gb Free Space | 64,69% Space Free | Partition Type: NTFS Computer Name: ROSY-PC | User Name: rosy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\rosy\Desktop\Nuova cartella (3)\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\rosy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV:64bit: - (A5AGU) -- C:\Windows\SysNative\drivers\AGUx64.sys (Atheros Communications, Inc.) DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/ IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://search.chatzum.com/?q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57} IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=IT&install_date=20120603&user_guid=985E3F5A4D644327BD681BEF39B4761B&machine_id=423dba73537c70de0e33a7139f9c55ad&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_cpc_3712_2&babsrc=SP_ss&mntrId=78675a2c000000000000001b1101ebd0 IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzum.com/?q={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/18 10:53:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/09/16 13:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Yahoo! Italia (Enabled) CHR - default_search_provider: search_url = http://it.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms} CHR - default_search_provider: suggest_url = http://it-sayt.ff.search.yahoo.com/gossip-it-sayt?output=fxjson&command={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Fancy Gaming Simplifier = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\ CHR - Extension: YouTube = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Ricerca Google = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: avast! WebRep = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Fancy Gaming Simplifier = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\ CHR - Extension: YouTube = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Ricerca Google = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: avast! WebRep = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/02/05 12:17:38 | 000,445,399 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15295 more lines... O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37CE42BE-D122-4A8E-9CCD-BAB2D224A855}: DhcpNameServer = 62.101.93.101 83.103.25.250 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/07 19:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLineRemove [2013/02/07 18:51:02 | 000,450,659 | ---- | C] (TimeLineRemove ) -- C:\Users\rosy\Desktop\TimeLineRemove.exe [2013/02/06 22:39:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\rosy\Desktop\aswMBR.exe [2013/02/06 22:35:48 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (3) [2013/02/05 12:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/02/05 12:38:24 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/02/05 12:38:23 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/02/05 12:37:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/02/05 12:37:29 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/02/05 12:37:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/02/05 12:37:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/02/05 12:37:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/02/05 12:37:12 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/02/05 12:37:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/02/05 12:37:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/02/05 12:37:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/02/05 12:37:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/02/05 12:37:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/02/05 12:37:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/02/05 12:37:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/02/05 12:37:10 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/02/05 12:37:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/02/05 12:37:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/02/05 12:37:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/02/05 12:37:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/02/05 12:37:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/02/05 12:37:09 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/02/05 12:37:08 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/02/05 12:37:08 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/02/05 12:37:07 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/02/05 12:37:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/02/05 12:36:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/02/05 12:36:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/02/05 12:36:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/02/05 12:36:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/02/05 12:36:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/02/05 12:36:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/02/05 12:36:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/02/05 12:32:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/02/05 12:32:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/02/05 12:32:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/02/05 12:32:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/05 12:32:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/02/05 12:32:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/02/05 12:32:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/02/05 12:32:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/02/05 12:32:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/05 12:32:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/05 12:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/02/05 12:32:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/02/05 12:32:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/02/05 12:32:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/02/05 12:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/02/05 12:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/02/05 12:32:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/02/05 12:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/02/05 12:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/02/05 12:32:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/02/05 12:32:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/02/05 12:32:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/02/05 12:32:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/02/05 12:32:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/02/05 12:32:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/02/05 12:32:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/02/05 12:32:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/02/05 12:32:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/02/05 12:32:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/02/05 12:32:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/02/05 12:32:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/02/05 12:32:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/02/05 12:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/02/05 12:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/02/05 12:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/02/05 12:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/02/05 12:32:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/02/05 12:32:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/02/05 12:32:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/02/05 12:32:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/02/05 12:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/02/05 12:32:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/02/05 12:32:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/02/05 12:32:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/05 12:32:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/05 12:32:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/02/05 12:32:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/02/05 12:32:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/02/05 12:32:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/02/05 12:32:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/05 12:26:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013/02/05 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Local\Apps [2013/02/05 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Local\Deployment [2013/02/05 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (2) [2013/01/22 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-22 [2013/01/18 22:49:00 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-18 [2013/01/18 22:21:05 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\lepanto [2013/01/17 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-17 [2013/01/15 10:34:40 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-15 [2013/01/12 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-12 [2013/01/10 19:37:06 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-10 ========== Files - Modified Within 30 Days ========== [2013/02/07 19:22:42 | 002,195,061 | ---- | M] () -- C:\Users\rosy\Desktop\tdsskiller.zip [2013/02/07 19:22:01 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/07 18:51:09 | 000,000,478 | ---- | M] () -- C:\Users\rosy\AppData\Roaming\mainhst.zgh [2013/02/07 18:43:14 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/07 18:43:14 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/07 18:35:47 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/07 18:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/07 18:35:29 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2013/02/07 14:35:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/07 14:01:16 | 000,490,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/06 22:40:58 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\rosy\Desktop\aswMBR.exe [2013/02/06 22:27:26 | 000,881,914 | ---- | M] () -- C:\Users\rosy\Desktop\SecurityCheck.exe [2013/02/06 22:01:16 | 001,569,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/06 22:01:16 | 000,701,188 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013/02/06 22:01:16 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/06 22:01:16 | 000,128,534 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013/02/06 22:01:16 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/06 20:54:24 | 000,450,659 | ---- | M] (TimeLineRemove ) -- C:\Users\rosy\Desktop\TimeLineRemove.exe [2013/02/05 14:06:08 | 000,205,892 | ---- | M] () -- C:\Users\rosy\Desktop\902086243.PDF [2013/02/05 12:39:21 | 000,002,262 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/02/05 12:17:38 | 000,445,399 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/02/05 12:09:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/01/08 22:23:38 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/01/08 22:23:38 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013/02/07 19:22:35 | 002,195,061 | ---- | C] () -- C:\Users\rosy\Desktop\tdsskiller.zip [2013/02/06 22:27:08 | 000,881,914 | ---- | C] () -- C:\Users\rosy\Desktop\SecurityCheck.exe [2013/02/05 14:05:37 | 000,205,892 | ---- | C] () -- C:\Users\rosy\Desktop\902086243.PDF [2013/02/05 12:39:21 | 000,002,262 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/06 19:37:50 | 000,000,522 | ---- | C] () -- C:\Windows\wininit.ini [2012/11/11 16:44:02 | 000,000,543 | ---- | C] () -- C:\Windows\EvvivaRG.ini [2012/11/11 16:43:56 | 000,000,598 | ---- | C] () -- C:\Windows\NEXTRG.INI [2012/11/11 16:42:39 | 000,000,302 | ---- | C] () -- C:\Windows\FinsonLiveUpdate.ini [2012/11/11 16:34:06 | 000,000,061 | ---- | C] () -- C:\Windows\FINSON.INI [2012/09/16 13:15:12 | 000,000,001 | ---- | C] () -- C:\Users\rosy\AppData\Local\llftool.4.25.agreement [2012/08/03 14:01:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012/08/01 15:12:56 | 000,000,478 | ---- | C] () -- C:\Users\rosy\AppData\Roaming\mainhst.zgh [2012/06/11 13:45:21 | 001,568,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/03 21:21:54 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2012/06/03 20:26:35 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012/06/03 00:26:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2012/06/27 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoSi\MyComposer\{1EDC5705-2662-4044-AA11-B295EBF28ED6}\Data\Products\ShirtRFull\L [2012/06/27 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoSi\MyComposer\{1EDC5705-2662-4044-AA11-B295EBF28ED6}\Data\Products\ShirtVFull\L [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/07/10 13:59:09 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Ashampoo [2013/01/06 19:18:56 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Azureus [2012/08/31 14:03:44 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Canon [2012/11/11 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Convivea [2012/06/03 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\eMule AdunanzA [2012/06/03 20:50:28 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\OfferBox [2012/06/20 13:47:05 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Opera [2013/01/06 19:18:56 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\uTorrent [2012/08/22 14:03:07 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Windows Live Writer [2012/08/01 15:13:37 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\ZipGenius ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >
  13. l unica file è questo,anche l altro mi dice ha smesso di funzionare,ti allego questo,ciao e grazie di nuovo Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Out of date HijackThis installed! Spybot - Search & Destroy Malwarebytes Anti-Malware versione 1.70.0.1100 HijackThis 2.0.2 JavaFX 2.1.1 Java 7 Update 7 Java version out of Date! Adobe Reader XI Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log``````````````````````
  14. ciao grazie,di avermi risposto,ho seguito con olt quello che mi hai detto,soltanto a fine scansione non mi apre nessun file e sotto viene scritto manual file scan,getting folder structure,ma dove lo trovo? ora provo con l altro
  15. ciao,scusate,accendendo il pc mi apre il deskop e la rotellina continua a caricare ma nn mi apre nulla,poi si blocca e dopo tanto parte per un po per ribloccarsi ,ho un windows 7.vi allego il mio log file,avrò qualche virus grazie hijackthis.log

  16. Carica E Fa Fatica A Partire

    shampo ha risposto a shampo nel forum HiJackThis - Posta qui i Log

    ciao,ora funziona grazie di tuttoooooooo

  17. Carica E Fa Fatica A Partire

    shampo ha risposto a shampo nel forum HiJackThis - Posta qui i Log

    ok grazieeee ti farò sapere

  18. Carica E Fa Fatica A Partire

    shampo ha risposto a shampo nel forum HiJackThis - Posta qui i Log

    ciao grazie di tutto, t invio il log a presto ComboFix 12-05-31.01 - Utente 31/05/2012 14:55:50.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2717 [GMT 2:00] Eseguito da: c:\users\Utente\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Esecuzione precedente ------- . c:\users\Utente\AppData\Roaming\ImgBurn.exe c:\users\Utente\AppData\Roaming\Microsoft\Windows\Recent\Alice Gate 2 plus Wi-Fi - Stato modem.url c:\users\Utente\AppData\Roaming\OfferBox\config.xml c:\windows\SysWow64\SvcWatch.exe . . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_SvcWatch . . ((((((((((((((((((((((((( Files Creati Da 2012-04-28 al 2012-05-31 ))))))))))))))))))))))))))))))))))) . . 2012-05-31 13:09 . 2012-05-31 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-29 13:29 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B20587A4-0D80-4EFF-B416-C4A2BB5DB392}\mpengine.dll 2012-05-28 08:30 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-11 13:45 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 13:45 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 13:44 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 13:44 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 13:44 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 13:44 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 13:44 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 13:43 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 13:43 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-11 13:43 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 13:43 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 13:43 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-11 13:43 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-30 13:12 . 2012-01-30 15:39 142445 ----a-w- c:\users\Utente\AppData\Roaming\mdbu.bin 2012-04-04 15:52 . 2010-10-24 20:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-04-04 15:52 . 2010-10-24 20:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-25 18:28 . 2012-04-29 17:24 17936 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-03-25 18:28 . 2012-04-29 17:24 29712 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-03-07 00:15 . 2012-03-03 21:22 41184 ----a-w- c:\windows\avastSS.scr 2012-03-07 00:15 . 2012-03-03 21:22 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-03-07 00:15 . 2011-01-12 11:36 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-07 00:04 . 2012-03-03 21:23 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-07 00:04 . 2012-03-03 21:23 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-07 00:02 . 2012-03-03 21:23 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-03-07 00:01 . 2012-03-03 21:23 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-07 00:01 . 2012-03-03 21:23 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-07 00:01 . 2012-03-03 21:23 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-04 21:07 . 2010-04-23 19:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-04 20:50 . 2012-03-04 20:50 3584 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2012-03-03 22:47 . 2011-09-22 11:59 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 14:47 . 2012-03-03 14:47 750488 ----a-w- c:\windows\system32\npdeployJava1.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-05-31_12.48.39 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-05-31 12:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-05-31 13:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-05-31 13:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-31 12:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-31 12:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-05-31 13:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-10 22:00 . 2012-05-31 13:12 75056 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-05-31 13:12 42352 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-04-08 13:52 . 2012-05-31 13:12 19104 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-811566715-2642909316-2733475632-1000_UserData.bin - 2012-05-31 12:46 . 2012-05-31 12:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-31 13:10 . 2012-05-31 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-31 12:46 . 2012-05-31 12:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-31 13:10 . 2012-05-31 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-05-31 12:46 685948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-05-31 13:09 685948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Device Detection"="c:\program files (x86)\PhotoSi\MyComposer\dd.exe" [2011-04-21 289976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "WinYou"="c:\program files (x86)\WinYou\WinYou.exe" [bU] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x] R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-05-02 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x] R4 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [x] R4 WinServiceMY;WinServiceMY;c:\program files (x86)\WinServiceMY\WinServiceMY.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-03-25 204304] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . Contenuto della cartella 'Scheduled Tasks' . 2012-05-31 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2010-10-11 09:47] . 2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-811566715-2642909316-2733475632-1000Core.job - c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 14:11] . 2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-811566715-2642909316-2733475632-1000UA.job - c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 14:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584] "GuaTast"="c:\program files (x86)\GuaTast\GuaTast.exe" [2012-02-14 354816] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-05-02 1271552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.com/webhp?hl=it uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 62.101.93.101 83.103.25.250 FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\96lwmg9a.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=it FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= . - - - - CHIAVI ORFANE RIMOSSE - - - - . BHO-{703740c1-0f1a-4cec-a4df-d78db0158477} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{285EC6B8-2D76-4297-8E03-0993BBCDF405} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-WinYou - c:\program files (x86)\WinYou\WinYou.exe HKLM-Run-combofix - c:\combofix\CF14938.3XE AddRemove-AVS Screen Capture_is1 - c:\program files (x86)\AVS4YOU\AVSScreenCapture\unins000.exe AddRemove-AVS Update Manager_is1 - c:\program files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe AddRemove-AVS Video Editor_is1 - c:\program files (x86)\AVS4YOU\AVSVideoEditor\unins000.exe AddRemove-AVS Video Recorder_is1 - c:\program files (x86)\AVS4YOU\AVSVideoRecorder\unins000.exe AddRemove-AVS4YOU Software Navigator_is1 - c:\program files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe . ************************************************************************** . Ora fine scansione: 2012-05-31 15:15:25 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-05-31 13:15 . Pre-Run: 406.621.847.552 byte disponibili Post-Run: 406.180.847.616 byte disponibili . - - End Of File - - B95495E2006BB757082134F17873A432

  19. Carica E Fa Fatica A Partire

    shampo ha risposto a shampo nel forum HiJackThis - Posta qui i Log

    ciao,rieccomi t invio il log di combifix, grazie

  20. Come Fare Un Video Di Compleanno

    shampo ha aggiunto un topic in Grafica 3D

    ciao,scusate ho pinnacle studio 15,vorrei fare un video per il diciottesimo di mio figlio,con effetti tipo gli intro,qualcuno sa dirmi come fare' o darmi qualche consiglio sul video grazie

  21. Come Fare Un Video Di Compleanno

    shampo ha risposto a shampo nel forum Grafica 3D

    ok grazieeeeeeeeee ciao

  22. Java Nn Si Cancella

    shampo ha aggiunto un topic in Windows 7

    ciao,scusate,qualcuno per favore sa cosa posso fare......nn riesco a scancellare java tm 6 update 21,vado su pannello.programmi,disistalla e mi da errore... si è verificato un problema con questo pacchetto di windows installer. impossibile eseguire una dll necessaria a completare l installazione.contattare il personale di supporto o il fornitore del pacchetto. ho windows 7 64 bit cosa devo fare grazie

  23. Java Nn Si Cancella

    shampo ha risposto a shampo nel forum Windows 7

    grazie lunaaaa, ha funzionato,vi ringrazio tutti siete grandi

  24. Java Nn Si Cancella

    shampo ha risposto a shampo nel forum Windows 7

    vi ringrazio delle risposte,ccleaner fatto, ma niente,per scaricare video da yuotube,devo scaricare 1 di questi programmi,ma sono semplici da usare? grazie

  25. Java Nn Si Cancella

    shampo ha risposto a shampo nel forum Windows 7

    ciao.ho scaricato javara,ma nn elimina la vecchia versione,mi ha fatto scaricare la nuova Java SE 6 Update 31 JRE.nn so se è giusta,ma siccome voglio scaricare un video da youtube con keepvideo mi continua a dire che devo installare il java,e quello che mi fa scaricare nn me lo fa installare,grazieee