francesco59

Utenti

Visualizza profilo Vedi la sua attività

Numero contenuti
450
Iscritto
February 11, 2006
Ultima visita
November 14, 2013

Su francesco59

Livello
Esperto
Compleanno 02/08/1959

Contact Methods

MSN
ginocchione@hotmail.com
Website URL
http://

Profile Information

Località
Perugia
Interessi
Sport in generale, fai da te, informatica, collezionismo

Errore Durante L'avvio W7 64Bit Dovuto A Conduit Container

francesco59 ha risposto a francesco59 nel forum Windows 7

già òo avevo fatto ma lo rifarè gtazie ancora, una domanda ma scaricare da softonic è sempre cosi pericoloso?
- November 14, 2013
- 6 risposte
Errore Durante L'avvio W7 64Bit Dovuto A Conduit Container

francesco59 ha risposto a francesco59 nel forum Windows 7

BRAVOOOOOOOOOOO ha funzionato, c'erano due riferimenti in giallo, altri in rosa ed alcuni in chiaro ma senza descrizione. Devo cancellare anche quelli in rosa che hanno però altri riferimenti. Per quanto riguarda la scheda sd, niente quella che mi hai indicato l'avevo già provata, scrivero casomai a Kaspersky perchè trovo solo link in inglese avanzato.
- November 14, 2013
- 6 risposte
Errore Durante L'avvio W7 64Bit Dovuto A Conduit Container

francesco59 ha aggiunto un topic in Windows 7

Salve a tutti, accidenti a me, per rimediare ad una defaillance di kaspersky che mi ha tolto l'autorun dal notebook ho scaricato da softonic un software che mi ha prima installato quel maledetto imminent, poi una volta debellato imminent mi è comparso container. Ho fatto tutte le scansioni con Malwarebyt, con kaspersky fino a combo fix. Ora non ho più tracce di conduit container ma ho questo fastidioso errore all'avio. Ho cercato con programmi tipo advance care, ma non sono riuscito a debellarlo. Avete qualche magica soluzione voi? Ho fatto comunque di tutto, dalle pulizie generali con ccleaner a tool come toolwiz care, per concludere con adwcleaner. Inoltre se non sono così sfacciato posso chiedere come poter fare a ripristinare l'autorun dalle schede Sd o dagli hard disk esterni. Per questi ultimi il notebook li sente, appare una maschera di kaspersky che mi dice di voler eseguire una scansione e nel pannello delle risorse del computer compaiono le unita esterne (schede e hard disk). Ho fatto tutti i passaggi necessari per cercare di riattivare l'autorun pure nel promt dei comandi dove mi dice che il servizio è attivo. Sicuramente ed è questo il problema, tale processo è bloccato da Kaspersky avendo io fatto una scansione delle vulnerabilità . Cosa posso fare? Disinstallare Kaspersky e poi riinstallarlo? Grazie infinite per tutto quello che potrete fare.. hijackthis.log
- November 14, 2013
- 6 risposte
Ho Dei Rallentamenti E Disconnessioni

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

si avevo capito, ho cercato di farti capire la configurazione dei pc, ma ho reso il router ed ho rimontato il veccchio, problema risolto e grazie
- October 25, 2013
- 10 risposte
Ho Dei Rallentamenti E Disconnessioni

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

non cambia nulla, io avevo 5 pc comprensivi di quelli dei figli tutti con un indirizzo ip statico diverso da pc a pc per non creare conflitti, ora siamo tutti in automatico
- October 23, 2013
- 10 risposte
Ho Dei Rallentamenti E Disconnessioni

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

oscillano dalle 5 alle 7 8, ma il problema sono le mie vecchie. Se creo una nuova connessione ho un numero progressivo topo 3,4....
- October 23, 2013
- 10 risposte
Ho Dei Rallentamenti E Disconnessioni

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

Carissimo, purtroppo non sono più un ragazzino ed anche se non sono vecchio ho 54 anni , me la cavo abbastanza bene rispetto a tanti miei coetani. Proverò a spiegarti i problemi. Avevo un router 2740b con un extender perchè in camera non mi arrivava la wifi. L'ho sostituito con il modello nuovo che mi hanno detto che mi avrebbe consentito di togliere l'extender netgear... ed infatti quando funziona (quello nuovo) riesco a navigare anche se non velocissimo. Uno dei problemi che ho legato alle connessioni +è che non sono riuscito ad eliminare le vecchie. Esempio la mia si chiama topo, ed ho topo 1 topo 2 topo 3... Dal pannello di controllo le ho eliminate, ma esistono ancora perchè dovrebbe esserci un registro non so dove, per cancellare le chiavi. Esempio ora sono con topo 2, perche il 3 l'ho cancellato facendo un ripristino, ma abbiamo ancora topo e topo 1. Sto navigando ma credo che la cosa disturbi. altro problema è il settaggio di questo maledetto router, ora ho anche la navigazione 5g che è molto lenta e credo che invece dovrebbe essere una scheggia anche se ho l'alice 7mega. ho chiamato il call center della dlink ma ognuno degli operatori mi ha fatto fare una configurazione diversa, mettendo anche i dns di google che io ho provato a sostituire con gli open dns. Altro problema credo sia rappresentato dal canale di trasmissione, ora ho il 13 ma forse un automatico sarebbe stato migliore....Non so se sarò stato esaudiente, ho <kaspersky come antivirus.........cmq grazie
- October 23, 2013
- 10 risposte
Ho Dei Rallentamenti E Disconnessioni

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

in wifi, alice adsl ho un router nuovo della dlink che mi fa dannare dsl3580L che penso di restituire anche se un po di casino nelle connessioni lo avevo anche prima, ma ora siamo al top
- October 22, 2013
- 10 risposte
Ho Dei Rallentamenti E Disconnessioni

francesco59 ha aggiunto un topic in HiJackThis - Posta qui i Log

grazie infinite se potete darmi un'occhiata... ho w7 64bit hijackthis.log
- October 22, 2013
- 10 risposte
Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

ora non so più se allegare o popiare ed incollare-.......................... ComboFix 13-02-06.01 - baffa 06/02/2013 21:19:19.4.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.1977.1154 [GMT 1:00] Eseguito da: c:\users\baffa\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Creati Da 2013-01-06 al 2013-02-06 ))))))))))))))))))))))))))))))))))) . . 2013-02-06 20:29 . 2013-02-06 20:29 -------- d-----w- c:\users\Default\AppData\Local emp 2013-02-05 09:29 . 2013-02-05 09:29 -------- d-----w- c:\windows\ERUNT 2013-02-05 09:28 . 2013-02-05 09:54 -------- d-----w- C:\JRT 2013-02-05 09:12 . 2013-01-07 20:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C76E4E7-F7D8-47A6-89C3-D695382ACDDF}\mpengine.dll 2013-02-05 07:26 . 2013-01-07 20:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-17 16:30 . 2013-01-17 16:30 -------- d-----w- c:\users\baffa\AppData\Local\Macromedia 2013-01-17 06:44 . 2013-01-17 06:44 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51746BBD-8EAB-4DAD-B855-C5355B372303}\gapaengine.dll 2013-01-17 06:40 . 2013-01-17 06:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-01-17 06:40 . 2013-01-17 06:41 -------- d-----w- c:\program files\Microsoft Security Client 2013-01-16 23:50 . 2013-01-17 21:19 -------- d-----w- c:\programdata\Kaspersky Lab 2013-01-16 23:24 . 2013-01-15 17:49 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2013-01-16 23:16 . 2013-01-16 23:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-01-16 23:16 . 2013-01-16 23:16 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-01-16 23:16 . 2013-01-16 23:16 340992 ----a-w- c:\windows\system32\schannel.dll 2013-01-16 23:16 . 2013-01-16 23:16 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-01-16 23:16 . 2013-01-16 23:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-01-16 23:16 . 2013-01-16 23:16 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-01-16 23:16 . 2013-01-16 23:16 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-01-16 23:15 . 2013-01-16 23:15 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-01-16 23:15 . 2013-01-16 23:15 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-01-16 20:03 . 2013-01-16 20:03 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar 2013-01-16 20:02 . 2013-01-16 23:06 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2013-01-16 20:02 . 2013-01-16 20:05 -------- d-----w- c:\programdata\IObit 2013-01-16 20:02 . 2013-01-16 20:02 -------- d-----w- c:\users\baffa\AppData\Roaming\IObit 2013-01-16 20:02 . 2013-01-16 20:02 -------- d-----w- c:\program files (x86)\IObit 2013-01-16 16:08 . 2013-01-16 16:08 -------- d-----w- c:\users\baffa\AppData\Roaming\Malwarebytes 2013-01-16 16:06 . 2013-01-16 16:06 -------- d-----w- c:\programdata\Malwarebytes 2013-01-16 16:06 . 2013-01-16 16:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-16 16:06 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-16 16:06 . 2013-01-16 16:06 -------- d-----w- c:\users\baffa\AppData\Local\Programs 2013-01-12 22:02 . 2013-01-17 10:55 -------- d-----w- c:\windows\rescache 2013-01-10 21:20 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-10 21:20 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-10 21:18 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-10 21:17 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32 askhost.exe 2013-01-10 21:17 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 14:33 . 2012-07-22 15:12 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-17 14:33 . 2012-07-22 15:12 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-17 00:28 . 2010-03-29 21:19 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-11 09:17 . 2010-02-13 23:25 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-08 05:32 . 2013-02-05 10:12 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B52E316-DCE4-4EBF-AFCF-B25FDEFB9BD5}\mpengine.dll 2012-12-16 17:11 . 2012-12-22 02:01 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 02:01 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 02:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 02:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-30 04:45 . 2013-01-10 21:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-17 13:26 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-17 13:26 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-17 13:26 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-17 13:26 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-17 13:26 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-17 13:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-17 13:27 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-17 13:26 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-17 13:26 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-17 13:26 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-17 13:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-17 13:26 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-17 13:26 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-17 13:27 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-17 13:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-17 13:27 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-17 13:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-17 13:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-17 13:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-17 13:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-17 13:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-17 13:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-14 00:32 2048 ----a-w- c:\windows\system32 zres.dll 2012-11-09 04:42 . 2012-12-14 00:32 2048 ----a-w- c:\windows\SysWow64 zres.dll 2010-11-07 13:06 . 2010-11-07 13:06 2810112 ----a-w- c:\program files\ccsetup-3.00.1303.exe 2010-07-26 21:23 . 2010-07-26 21:21 32532792 ----a-w- c:\program files\SafariSetup-5.0.exe 2010-07-20 13:21 . 2010-07-20 13:21 4141792 ----a-w- c:\program files\UseNeXT_freetrial_416583w.exe . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] 2012-11-28 16:59 1230216 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll . c:\users\baffa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Banshee Screamer Alarm.lnk - c:\program files (x86)\Banshee Screamer Alarm\alarm.exe [2012-12-19 274432] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-17 251400] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 cpuz132;cpuz132;c:\users\baffa\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x] R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2010-09-22 48488] R3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352] R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664] R3 HdAudAddService;Driver di funzioni Microsoft 1.1 UAA per servizio High Definition Audio;c:\windows\system32\drivers\HdAudio.sys [2010-11-20 350208] R3 int15.sys;int15.sys;c:\windows\System32\OEM\Factory\int15.sys [2008-03-28 17952] R3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;c:\program files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-16 129976] R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 odserv;Microsoft Office Diagnostics Service;c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-16 19456] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 StarOpen;StarOpen; [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers susbflt.sys [2013-01-16 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 USBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys [x] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736] R3 WinUsb;WinUsb;c:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] R4 MSSQLServerADHelper;SQL Server Active Directory Helper;c:\program files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\DRIVERS\MpFilter.sys [2012-08-30 228768] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 Apple Mobile Device;Apple Mobile Device;c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184] S2 BcmSqlStartupSvc;Servizio di avvio SQL Server di Business Contact Manager;c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840] S2 IviRegMgr;IviRegMgr;c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MsMpSvc;Microsoft Antimalware Service;c:\program files\Microsoft Security Client\MsMpEng.exe [2012-09-12 22072] S2 NMSAccess;NMSAccess;c:\program files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 PSI_SVC_2;Protexis Licensing V2;c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 SeaPort;SeaPort;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] S2 SQLBrowser;SQL Server Browser;c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944] S2 SQLWriter;SQL Server VSS Writer;c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976] S3 athr;Atheros Extensible Wireless LAN device driver;c:\windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656] S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDRT64.sys [2009-08-11 686080] S3 DKbFltr;Dritek Keyboard Filter Driver (64-bit);SysWOW64\Drivers\DKbFltr.sys [x] S3 igfx;igfx;c:\windows\system32\DRIVERS\igdkmd64.sys [2010-08-25 10611552] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 NTIDrvr;NTIDrvr;c:\windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432] S3 SynTP;Synaptics TouchPad Driver;c:\windows\system32\DRIVERS\SynTP.sys [2009-08-14 286768] S3 UBHelper;UBHelper;c:\windows\system32\drivers\UBHelper.sys [2009-05-05 16896] S3 usbvideo;Dispositivo video USB (WDM);c:\windows\System32\Drivers\usbvideo.sys [2010-11-20 184960] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Contenuto della cartella 'Scheduled Tasks' . 2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 14:33] . 2013-02-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004Core.job - c:\users\baffa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 01:03] . 2013-02-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004UA.job - c:\users\baffa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 01:03] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 22:57] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 22:57] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004Core.job - c:\users\baffa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-10 19:43] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004UA.job - c:\users\baffa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-10 19:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] . ------- Scansione supplementare ------- . uStart Page = hxxp://it.search.yahoo.com?type=198484&fr=spigot-yhp-ie uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27360210b116l0323z105i48l6u803 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Scarica con Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}\35051425B4C416E6: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}\7696E6F6662716E65393: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}\C46454D2E45647: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\baffa\AppData\Roaming\Mozilla\Firefox\Profiles\08j167kw.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/ FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p= FF - ExtSQL: 2013-01-17 01:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} . - - - - CHIAVI ORFANE RIMOSSE - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) WebBrowser-{098D800D-0712-45FF-A3E4-686BD68F29F8} - (no file) WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file) WebBrowser-{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - (no file) . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Ora fine scansione: 2013-02-06 21:47:58 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2013-02-06 20:47 . Pre-Run: 80.578.392.064 byte disponibili Post-Run: 80.529.948.672 byte disponibili . - - End Of File - - 21C12519FA1E897E7AFD4475E8326CEE combofix.txt
- February 6, 2013
- 21 risposte
Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

eset ha rilevato SETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=43fb0a3a215aa54080d226d38375ea7a # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-02-05 10:32:57 # local_time=2013-02-05 11:32:57 (+0100, ora solare Europa occidentale) # country="Italy" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 48055 111733427 0 0 # scanned=129364 # found=3 # cleaned=0 # scan_time=5981 C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll a variant of Win32/Toolbar.Widgi application 9F9058BB859817F3BF51CEFEA513C3B7B873E4B9 I C:\Users\baffa\Downloads\SoftonicDownloader_per_avira-antivir-regcleaner.exe a variant of Win32/SoftonicDownloader.E application 2DDC4AB011BD67D598B9AD30ED593292FBE8E2A6 I C:\Windows\Installer\3b4e2.msi a variant of Win32/Toolbar.Widgi application 9F488E83B5B3C08949828D60A768E06B7E12905A I malwarebytes Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Versione database: v2013.02.05.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 baffa :: BAFFA-PC [amministratore] 05/02/2013 21:35:40 mbam-log-2013-02-05 (21-35-40).txt Tipo di scansione: Scansione veloce Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM Opzioni di scansione disattivate: P2P Elementi esaminati: 221890 Tempo impiegato: 7 minuti, 33 secondi Processi rilevati in memoria: 0 (non sono stati rilevati elementi nocivi) Moduli di memoria rilevati: 0 (non sono stati rilevati elementi nocivi) Chiavi di registro rilevate: 0 (non sono stati rilevati elementi nocivi) Valori di registro rilevati: 0 (non sono stati rilevati elementi nocivi) Voci rilevate nei dati di registro: 0 (non sono stati rilevati elementi nocivi) Cartelle rilevate: 0 (non sono stati rilevati elementi nocivi) File rilevati: 0 (non sono stati rilevati elementi nocivi) (fine) ecco attendo istruzioni
- February 5, 2013
- 21 risposte
Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

adw cleaner ha fatto una bella pulizia ed allego il file. per l'altro programma pur avendo fatte più prove disattivando firewall e antivirus non me lo fa terminare. mi compare una scritta che windows chiudera il programma- AdwCleanerS1.txt
- February 5, 2013
- 21 risposte
Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

ecco l'altro MBR.zip aswMBR.txt
- February 3, 2013
- 21 risposte
Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

ecco OTL logfile created on: 03/02/2013 21:00:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\baffa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 1,93 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 43,11% Memory free 3,86 Gb Paging File | 2,40 Gb Available in Paging File | 62,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 220,79 Gb Total Space | 78,67 Gb Free Space | 35,63% Space Free | Partition Type: NTFS Computer Name: BAFFA-PC | User Name: baffa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\baffa\Desktop\OTL(1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Banshee Screamer Alarm\alarm.exe () PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Banshee Screamer Alarm\utils.dll () MOD - C:\Program Files (x86)\Banshee Screamer Alarm\skinscript.dll () MOD - C:\Program Files (x86)\Banshee Screamer Alarm\alarm.exe () MOD - C:\Program Files (x86)\Banshee Screamer Alarm\custoclock.filter () MOD - C:\Program Files (x86)\Banshee Screamer Alarm\gbm.dll () MOD - C:\Program Files (x86)\Banshee Screamer Alarm\beatnik.filter () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programmi\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (ePowerSvc) -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27360210b116l0323z105i48l6u803 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27360210b116l0323z105i48l6u803 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - No CLSID value found IE - HKLM\..\URLSearchHook: {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=112863&tt=120912_cpc_3712_6&babsrc=HP_ss&mntrId=268053c900000000000000269ea259ef IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112863&tt=120912_cpc_3712_6&babsrc=HP_ss&mntrId=268053c900000000000000269ea259ef IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://it.search.yahoo.com?type=198484&fr=spigot-yhp-ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 1D 8A C0 8D AD CA 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {DCE02E09-449C-493A-93B1-25E784A1EB6A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112863&tt=120912_cpc_3712_6&babsrc=SP_ss&mntrId=268053c900000000000000269ea259ef IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Trova Rapido: "URL" = http://www.trovarapido.com/result.php?t=Q1002151654&s=b&keywords={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT366IT366 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{DCE02E09-449C-493A-93B1-25E784A1EB6A}: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "https://www.google.it/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6 FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.5.0.11422 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}:3.7.0.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2 FF - prefs.js..extensions.enabledItems: {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}:3.7.0.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..extensions.enabledItems: crossriderapp3491@crossrider.com:0.81.20 FF - prefs.js..extensions.enabledItems: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6 FF - prefs.js..keyword.URL: "http://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search" FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=gppc" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?affID=112863&tt=120912_cpc_3712_6&babsrc=KW_ss&mntrId=268053c900000000000000269ea259ef&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\baffa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\baffa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\baffa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\baffa\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerbox@spointer.com: C:\PROGRAM FILES\OFFERBOX\EXTENSIONS-4.0.4498.53\OFFERBOX@SPOINTER.COM FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 20:39:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 20:39:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 20:39:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/16 19:22:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/12 20:31:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/10/11 00:25:05 | 000,000,000 | ---D | M] [2010/02/17 17:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\baffa\AppData\Roaming\mozilla\Extensions [2013/01/16 20:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\baffa\AppData\Roaming\mozilla\Firefox\Profiles\08j167kw.default\extensions [2012/09/16 18:42:09 | 000,002,223 | ---- | M] () -- C:\Users\baffa\AppData\Roaming\mozilla\firefox\profiles\08j167kw.default\searchplugins\BabylonMngr.xml [2012/09/06 21:29:04 | 000,000,921 | ---- | M] () -- C:\Users\baffa\AppData\Roaming\mozilla\firefox\profiles\08j167kw.default\searchplugins\conduit.xml [2011/03/27 20:02:59 | 000,003,915 | ---- | M] () -- C:\Users\baffa\AppData\Roaming\mozilla\firefox\profiles\08j167kw.default\searchplugins\sweetim.xml [2012/10/19 10:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/12/17 14:14:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/09/23 23:12:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/10/19 10:05:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012/08/25 20:39:49 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012/09/16 19:22:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/25 20:39:11 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012/09/16 19:21:56 | 000,001,393 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml [2012/09/16 18:41:29 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/09/16 19:21:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/16 19:21:56 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml [2011/03/27 19:48:58 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012/09/16 19:21:56 | 000,000,817 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml [2012/09/16 19:21:56 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml [2012/09/16 19:21:56 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml ========== Chrome ========== CHR - homepage: http://it.search.yahoo.com?type=198484&fr=spigot-yhp-ch CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://it.search.yahoo.com?type=198484&fr=spigot-yhp-ch CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\baffa\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\baffa\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\baffa\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\baffa\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\baffa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Ricerca Google = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: SocialPlus! for Facebook = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.6.8_0\ CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\ CHR - Extension: Domain Error Assistant = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Night Time In New York City = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\ CHR - Extension: Skype Click to Call = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\ CHR - Extension: Savings-Slider = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\ CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\ CHR - Extension: Settings Protector = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\ CHR - Extension: Gmail = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/01/16 21:34:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {703740c1-0f1a-4cec-a4df-d78db0158477} - No CLSID value found. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll (Spigot, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {098D800D-0712-45FF-A3E4-686BD68F29F8} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Italia Toolbar) - {4EDD5C14-2D22-4D7A-9748-C975A7FD933B} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - Startup: C:\Users\baffa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk = C:\Program Files (x86)\Banshee Screamer Alarm\alarm.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AEEE9A4-C5E6-44DB-B5B6-512182989679}: DhcpNameServer = 62.13.173.92 62.13.173.93 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/02/03 20:57:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\baffa\Desktop\OTL(1).exe [2013/02/03 20:49:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\baffa\Desktop\OTL.exe [2013/01/18 08:33:38 | 000,000,000 | ---D | C] -- C:\Users\baffa\Desktop\backups [2013/01/17 17:30:18 | 000,000,000 | ---D | C] -- C:\Users\baffa\AppData\Local\Macromedia [2013/01/17 07:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013/01/17 07:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/01/17 00:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013/01/17 00:49:29 | 000,000,000 | ---D | C] -- C:\Users\baffa\Desktop\Virus Removal Tool [2013/01/17 00:45:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/17 00:24:16 | 000,026,432 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2013/01/17 00:17:02 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/01/17 00:17:02 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013/01/17 00:17:02 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013/01/17 00:17:02 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013/01/17 00:17:02 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/01/17 00:17:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013/01/17 00:17:02 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013/01/17 00:17:02 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013/01/17 00:17:02 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013/01/17 00:17:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013/01/17 00:17:02 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/01/17 00:17:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013/01/17 00:17:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013/01/17 00:17:01 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/01/17 00:17:01 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013/01/17 00:17:01 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/01/17 00:17:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013/01/17 00:17:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013/01/17 00:17:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/01/17 00:17:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013/01/17 00:17:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013/01/17 00:17:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013/01/17 00:17:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013/01/17 00:17:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013/01/17 00:16:13 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013/01/17 00:15:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013/01/17 00:15:06 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013/01/16 22:54:45 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/16 21:17:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/16 21:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2013/01/16 21:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2013/01/16 21:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar [2013/01/16 21:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} [2013/01/16 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\baffa\AppData\Roaming\IObit [2013/01/16 21:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2013/01/16 21:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013/01/16 17:08:40 | 000,000,000 | ---D | C] -- C:\Users\baffa\AppData\Roaming\Malwarebytes [2013/01/16 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/16 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/01/16 17:06:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/01/16 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/01/16 17:06:17 | 000,000,000 | ---D | C] -- C:\Users\baffa\AppData\Local\Programs [2013/01/16 17:04:04 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/01/12 23:02:23 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2013/01/10 22:20:20 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/01/10 22:20:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/01/10 22:19:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/10 22:19:38 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/01/10 22:19:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/01/10 22:19:34 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/01/10 22:19:34 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/01/10 22:19:34 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/01/10 22:19:34 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/01/10 22:19:34 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/01/10 22:19:34 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/01/10 22:19:34 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/01/10 22:19:34 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/01/10 22:19:34 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/01/10 22:19:34 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/01/10 22:19:34 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/01/10 22:19:34 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/01/10 22:19:34 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/01/10 22:19:34 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/01/10 22:19:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/01/10 22:19:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/01/10 22:19:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/01/10 22:19:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/01/10 22:19:34 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/01/10 22:19:34 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/01/10 22:19:33 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/01/10 22:19:33 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/01/10 22:19:33 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/01/10 22:19:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/01/10 22:19:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/01/10 22:19:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/01/10 22:19:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/01/10 22:19:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/01/10 22:19:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/01/10 22:19:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/01/10 22:19:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/01/10 22:18:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/01/10 22:18:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/01/10 22:18:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/01/10 22:18:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/01/10 22:18:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/01/10 22:18:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/01/10 22:18:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/01/10 22:18:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/01/10 22:18:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/01/10 22:18:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/10 22:18:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/10 22:18:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/10 22:18:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/01/10 22:18:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/10 22:18:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/10 22:18:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/10 22:18:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/10 22:18:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/10 22:18:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/10 22:18:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/01/10 22:18:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/01/10 22:18:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/10 22:18:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/10 22:18:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/10 22:18:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/10 22:18:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/01/10 22:17:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2010/11/07 14:06:12 | 002,810,112 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup-3.00.1303.exe [2010/07/26 22:21:25 | 032,532,792 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup-5.0.exe [2010/07/20 14:21:17 | 004,141,792 | ---- | C] (Tangysoft Ltd. ) -- C:\Program Files\UseNeXT_freetrial_416583w.exe [2009/10/20 00:31:46 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013/02/03 20:58:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\baffa\Desktop\OTL(1).exe [2013/02/03 20:53:02 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/03 20:52:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/03 20:52:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/03 20:50:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\baffa\Desktop\OTL.exe [2013/02/03 20:45:22 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/03 20:45:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/03 20:44:58 | 1554,718,720 | -HS- | M] () -- C:\hiberfil.sys [2013/02/01 12:08:07 | 000,001,178 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004UA.job [2013/02/01 11:41:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/01 11:37:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004UA.job [2013/02/01 03:08:02 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004Core.job [2013/02/01 01:37:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004Core.job [2013/02/01 01:32:36 | 000,002,372 | ---- | M] () -- C:\Users\baffa\Desktop\Google Chrome.lnk [2013/01/17 15:33:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/01/17 15:33:00 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/01/17 07:41:18 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/01/17 01:01:33 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2013/01/17 00:17:02 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/01/17 00:17:02 | 003,174,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013/01/17 00:17:02 | 001,123,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013/01/17 00:17:02 | 001,048,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013/01/17 00:17:02 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/01/17 00:17:02 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013/01/17 00:17:02 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013/01/17 00:17:02 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013/01/17 00:17:02 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013/01/17 00:17:02 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013/01/17 00:17:02 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/01/17 00:17:02 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013/01/17 00:17:02 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013/01/17 00:17:02 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\tsusbflt.sys.mui [2013/01/17 00:17:01 | 005,773,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/01/17 00:17:01 | 000,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013/01/17 00:17:01 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/01/17 00:17:01 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013/01/17 00:17:01 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013/01/17 00:17:01 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/01/17 00:17:01 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013/01/17 00:17:01 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013/01/17 00:17:01 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013/01/17 00:17:01 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013/01/17 00:17:01 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013/01/17 00:16:13 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013/01/17 00:15:06 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013/01/17 00:15:06 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013/01/16 21:34:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/01/16 20:14:50 | 000,001,016 | ---- | M] () -- C:\Users\baffa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk [2013/01/16 17:06:33 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/15 18:49:06 | 000,026,432 | ---- | M] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2013/01/11 10:49:00 | 000,422,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/11 10:23:40 | 001,705,752 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/11 10:23:40 | 000,752,944 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013/01/11 10:23:40 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/11 10:23:40 | 000,149,134 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013/01/11 10:23:40 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2013/01/17 07:41:08 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/01/17 07:40:09 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/01/17 01:01:33 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2013/01/16 20:14:50 | 000,001,016 | ---- | C] () -- C:\Users\baffa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk [2013/01/16 17:06:33 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/08 22:50:56 | 008,120,981 | ---- | C] () -- C:\Users\baffa\Desktop\Alessandro Mannarino - Vivere La Vita.mp3 [2011/12/12 16:59:57 | 000,072,176 | ---- | C] () -- C:\Users\baffa\La tesina.pdf [2011/03/31 19:57:44 | 000,000,035 | ---- | C] () -- C:\Users\baffa\.mjsync_it_IT [2010/09/08 20:36:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/02/15 23:18:43 | 000,000,089 | ---- | C] () -- C:\Users\baffa\AppData\Local\lsfeljpd.bat [2010/02/10 21:16:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/09/16 18:41:14 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\Babylon [2010/09/28 19:59:53 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\Canneverbe Limited [2011/04/15 11:31:25 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\DVDVideoSoftIEHelpers [2010/09/27 20:28:05 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\freeTVRadio [2010/02/10 21:10:52 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\GameConsole [2010/12/23 03:12:30 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\GrabPro [2010/09/08 20:37:02 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\InterVideo [2013/01/16 21:02:41 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\IObit [2012/03/06 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\Mipony [2012/03/06 21:24:08 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\Orbit [2010/12/23 03:12:37 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\ProgSense [2013/01/17 00:13:37 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: SERVICES.EXE > [2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe [2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SVCHOST.EXE > [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < %systemroot%\*. /rp /s > < %systemdrive%\$Recycle.Bin|@;true;true;true /fp > ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: Hitachi HTS545025B9A300 Partitions: 3 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 12,00GB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 100,00MB Starting Offset: 12885950464 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 221,00GB Starting Offset: 12990808064 Hidden sectors: 0 ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:93DE1838 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54 < End of report >
- February 3, 2013
- 21 risposte
Sono Perseguitato Da Imminent W7 Home Professional

francesco59 ha risposto a francesco59 nel forum HiJackThis - Posta qui i Log

ancora grazie infinite......... devo disinstallarlo necessariamente o...
- January 29, 2013
- 6 risposte

Accedi

francesco59

Numero contenuti

Iscritto

Ultima visita

Su francesco59

Contact Methods

Profile Information

Errore Durante L'avvio W7 64Bit Dovuto A Conduit Container

Errore Durante L'avvio W7 64Bit Dovuto A Conduit Container

Errore Durante L'avvio W7 64Bit Dovuto A Conduit Container

Ho Dei Rallentamenti E Disconnessioni

Ho Dei Rallentamenti E Disconnessioni

Ho Dei Rallentamenti E Disconnessioni

Ho Dei Rallentamenti E Disconnessioni

Ho Dei Rallentamenti E Disconnessioni

Ho Dei Rallentamenti E Disconnessioni

Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

Il Notebook Di Mia Figlia Pieno Di Tutto... W7 Home Edition

Sono Perseguitato Da Imminent W7 Home Professional

Sezioni principali

Attività