francocamoli

PC Slow Both With Programs and With the Connection [Solved]

43 messages in this thread

Hello to all the staff.

I'm writing because for a few days I've had two problems with my desktop PC.

As background, to better understand my problems: the PC is an assembled CDC machine on which, since the motherboard had burned out, in June I had the hard disk replaced (changed because the technician couldn't find a compatible motherboard), along with the motherboard and video card, and the RAM increased; so I also upgraded it, within the limits of the budget.

In short, the technician left me the old hard disk (two partitions) with all the old files (not formatted, since it serves as an external hard disk) and the new 500 GB one in two partitions.

I reinstalled all the programs I needed, etc., the updated drivers and the modem (D-LINK DSL G624T), to which two other notebook PCs are also connected via wireless.

A few days ago, while installing a program from the web, I may have made some mistake and I ran a System Restore, but after the restore another program didn't work, so I went back to the previous point; from that moment on, however, when the PC starts up, the taskbar first appears, then disappears, and in its exact place a black patch remains for about 90 seconds, then it reappears and everything is fine.

I noticed, however, that the internet connection was stuttering (network cable unplugged) and the speed was 10 and not 100 Mbps; for a couple of days I connected (and the other PCs too) with another modem lent to me by a friend and everything worked fine (indicated speed 100 Mbps), then when I put mine back everything went back to how it was before and I couldn't even get into the configuration page. After several attempts, I managed to update the modem's firmware, and it works a bit better, but still at 10 Mbps.

In short, as of today it connects to the internet (it no longer reports the cable as unplugged), but it's extremely slow loading pages and it even freezes with programs; I downloaded ComboFix and HijackThis from another PC and then transferred them with a USB stick. At startup and shutdown I have no problems, apart from the taskbar issue. I'm attaching a file with the information about the PC and operating system, the ComboFix log and the HijackThis one, hoping you can give me some information; thanks, Francesco

hijackthis.log

ComboFix.txt

SISTEMA.docx


Is nobody going to answer me? I'm still waiting for news, thanks.


Hi francocamoli :)

I must apologize for not having seen your post

Let me know if you still need help,


Yes, I still have problems, especially with the connection; the PC freezes both on the internet and in programs (not always), it reports the connection at 10 Mbps, and at startup the taskbar always disappears for about 90 seconds and then reappears.

I'm re-attaching recent files with the information about the PC and operating system, the ComboFix log and the HijackThis one; thanks, Francesco.

SISTEMA.txt

ComboFix.txt

hijackthis.log


OK!! Let's go

Unfortunately, I don't remember having asked you for any tool, hmm!!

OTL by Oldtimer

  • Download OTL to your desktop.
  • Double-click the icon to run it. Make sure all windows are closed so that it runs without interruption.
  • When the window appears, go to the top and, under Output, change it to Minimal Output.
  • Check the boxes next to LOP and Purity Check.
  • Below, under Custom Scans/Fixes, paste this script

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless told to. The scan will take a few minutes; be patient.
  • When the scan finishes, two text files will open: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Copy (Edit -> Select All, Edit -> Copy) the contents of these files, one at a time, and post them in your next reply.
  • Two posts may be needed to fit them both.

Download aswMBR.exe and save it to your desktop.

  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7: right-click, Run as administrator)
  • Click Scan
  • When the scan finishes, click Save log, save it to your desktop, and post it in your next reply.
  • Warning: do not run any fix.
  • You will also notice another file created on the desktop named MBR.dat. Right-click the file and select Send to > compressed (zip) file. Attach the compressed file to your next reply as well.


I did everything as I was asked; I'm attaching and posting the logs.

OTL logfile created on: 14/02/2013 17.43.52 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Franco\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,92% Memory free

5,09 Gb Paging File | 4,14 Gb Available in Paging File | 81,37% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 319,27 Gb Total Space | 277,33 Gb Free Space | 86,86% Space Free | Partition Type: NTFS

Drive E: | 146,48 Gb Total Space | 140,97 Gb Free Space | 96,23% Space Free | Partition Type: NTFS

Drive F: | 45,23 Gb Total Space | 12,00 Gb Free Space | 26,53% Space Free | Partition Type: NTFS

Drive G: | 107,42 Gb Total Space | 89,77 Gb Free Space | 83,57% Space Free | Partition Type: NTFS

Computer Name: PRIVATO-1595252 | User Name: Franco | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Franco\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)

PRC - C:\Programmi\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

PRC - C:\Programmi\COMODO\COMODO Internet Security\cfp.exe (COMODO)

PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Programmi\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)

PRC - C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\system32\KaraokeSer.exe (VIA Technologies, Inc.)

PRC - C:\Programmi\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

PRC - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

PRC - C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

PRC - C:\Programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)

PRC - C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

PRC - C:\Programmi\GIGABYTE\Common\RaRegistry.exe (Ralink Technology, Corp.)

PRC - C:\WINDOWS\system32\ANIWConnService.exe ()

PRC - C:\Programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programmi\D-Link\AirPlus G\AirGCFG.exe (D-Link)

PRC - C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Programmi\TextBridge Pro 9.0\Bin\InstantAccess.exe ()

PRC - C:\Programmi\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll ()

MOD - C:\Programmi\AVAST Software\Avast\defs\13021400\algo.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()

MOD - C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll ()

MOD - C:\Programmi\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll ()

MOD - C:\Programmi\Google\Chrome\Application\24.0.1312.57\pdf.dll ()

MOD - C:\Programmi\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()

MOD - C:\Programmi\Google\Chrome\Application\24.0.1312.57\libegl.dll ()

MOD - C:\Programmi\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()

MOD - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA ()

MOD - C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()

MOD - C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()

MOD - C:\Programmi\DeviceVM\Browser Configuration Utility\sqlite3.dll ()

MOD - C:\WINDOWS\system32\ANIWConnService.exe ()

MOD - C:\WINDOWS\system32\wlanapp.dll ()

MOD - C:\WINDOWS\system32\ANIOApi.dll ()

MOD - C:\Programmi\D-Link\DWL-G122_DWA-110\ANIOApi.dll ()

MOD - C:\WINDOWS\system32\AQCKGen.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\tb99reghigh.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\InstantAccess.exe ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\Tbmhook.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\ExcelAccess.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\WordAccess.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\IAResEng.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\collaborate.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\OfficeAccess.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\MSAppAccess.dll ()

MOD - C:\Programmi\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (JavaQuickStarterService) -- C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (cmdAgent) -- C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (FLEXnet Licensing Service) -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)

SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Programmi\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)

SRV - (Autodesk Content Service) -- C:\Programmi\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)

SRV - (ServUpdater) -- C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe (ServiceUpd)

SRV - (KaraokeService) -- C:\WINDOWS\system32\KaraokeSer.exe (VIA Technologies, Inc.)

SRV - (AODService) -- C:\Programmi\AMD\OverDrive\AODAssist.exe ()

SRV - (osppsvc) -- C:\Programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (BCUService) -- C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

SRV - (ANIWZCSdService) -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)

SRV - (RalinkRegistryWriter) -- C:\Programmi\GIGABYTE\Common\RaRegistry.exe (Ralink Technology, Corp.)

SRV - (ANIWConnService) -- C:\WINDOWS\system32\ANIWConnService.exe ()

SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (MSI_MSIBIOS_010507) -- C:\Programmi\MSI\Live Update 5\msibios32_100507.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found

DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found

DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found

DRV - (i2omgmt) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\DOCUME~1\Franco\IMPOST~1\Temp\catchme.sys File not found

DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()

DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)

DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)

DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (cpuz135) -- C:\Programmi\CPUID\PC Wizard 2012\pcwiz_x32.sys (CPUID)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (LPCFilter) -- C:\WINDOWS\system32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV - (usbfilter) -- C:\WINDOWS\system32\drivers\usbfilter.sys (Advanced Micro Devices)

DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (MxEFUF) -- C:\WINDOWS\system32\drivers\MxEFUF32.sys (Matrox Graphics Inc.)

DRV - (NTIOLib_1_0_4) -- C:\Programmi\MSI\Live Update 5\NTIOLib.sys (MSI)

DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys (Realtek Semiconductor Corp.)

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)

DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys ()

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

DRV - (cpwnt) -- C:\WINDOWS\System32\drivers\Cpwnt.sys (Micropi Elettronica - Italia)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzum.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com?fr=fp-comodo

IE - HKCU\..\SearchScopes,DefaultScope = {7AD10805-A73A-4661-ACD6-FE1C2F6AFC8D}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{0D741E73-458B-45ac-AC2F-309287CF2572}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346

IE - HKCU\..\SearchScopes\{0F59851B-DE3E-45f1-A4F4-CC315CF57911}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH

IE - HKCU\..\SearchScopes\{7AD10805-A73A-4661-ACD6-FE1C2F6AFC8D}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM

IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzum.com/?q={SearchTerms}

IE - HKCU\..\SearchScopes\{B4251155-7D25-4dbe-8868-EA6FF830C8BD}: "URL" = http://search.chatzum.com/?q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.it/ig?hl=it"

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474

FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.1.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - prefs.js..keyword.URL: "http://it.search.yahoo.com/search?fr=ytff-comodo&p="

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/02/13 18.09.05 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programmi\AVAST Software\Avast\WebRep\FF [2012/11/06 16.21.28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2013/02/07 10.14.13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2013/01/21 17.40.26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins

[2012/07/10 16.44.36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Extensions

[2013/02/07 11.02.46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\extensions

[2012/09/09 11.23.38 | 000,000,000 | ---D | M] (Foxdie (Graphite)) -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\extensions\FoxdieGraphite@tanjihay.com

[2013/02/07 11.02.46 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\extensions\info@djzig.com

[2013/02/01 16.44.29 | 000,224,945 | ---- | M] () (No name found) -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\extensions\gophoto@gophoto.it.xpi

[2013/02/02 20.24.51 | 000,111,083 | ---- | M] () (No name found) -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

[2012/07/16 11.55.44 | 001,496,221 | ---- | M] () (No name found) -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\extensions\{ce951a80-a291-11df-981c-0800200c9a66}.xpi

[2012/07/23 11.49.29 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\searchplugins\findeer.xml

[2012/07/11 18.06.29 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\searchplugins\search-web.xml

[2013/02/07 10.13.55 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions

[2012/11/06 16.21.28 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMMI\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/07/15 07.28.09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2013/02/07 10.14.13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll

[2012/12/14 19.47.40 | 000,001,606 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml

[2012/09/07 10.56.51 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml

[2012/12/14 19.47.40 | 000,000,957 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml

[2012/12/14 19.47.40 | 000,001,030 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml

[2012/12/14 19.47.40 | 000,001,395 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml

[2012/12/14 19.47.40 | 000,001,166 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - homepage: http://www.google.it/ig

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.it/ig

CHR - plugin: Shockwave Flash (Enabled) = C:\Programmi\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Programmi\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmi\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Programmi\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Documenti Google = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: WOT = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.9_0\

CHR - Extension: YouTube = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Instantanea pagina - Webpage Screenshot = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.3_0\

CHR - Extension: Ricerca Google = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: Google Traduttore per Google+ = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfppgkomfopklagggkjiaddgndkgopgl\1.1.7_0\

CHR - Extension: Orologio = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg\1.16_0\

CHR - Extension: GoPhoto.it = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\

CHR - Extension: Gmail = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Yann Arthus-Bertrand = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc\3_0\

O1 HOSTS File: ([2013/02/03 11.47.50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

O4 - HKLM..\Run: [Autodesk Sync] C:\Programmi\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)

O4 - HKLM..\Run: [avast] C:\Programmi\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bCU] C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Programmi\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe (D-Link)

O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)

O4 - HKLM..\Run: [EEventManager] C:\Programmi\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [instantAccess] C:\Programmi\TextBridge Pro 9.0\Bin\InstantAccess.exe ()

O4 - HKLM..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [D4FA186C7C3D35A290E347A94C5158F1409C0725._service_run] C:\Programmi\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE (SEIKO EPSON CORPORATION)

O4 - Startup: C:\Documents and Settings\Franco\Menu Avvio\Programmi\Esecuzione automatica\reminder-ScanSoft Product Registration.lnk = C:\Programmi\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: I&nvia a OneNote - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Scarica con Free Download Manager - C:\Programmi\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Scarica i video con Free Download Manager - C:\Programmi\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Scarica selezionati con Free Download Manager - C:\Programmi\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Scarica tutto con Free Download Manager - C:\Programmi\Free Download Manager\dlall.htm ()

O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341934130734 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342021535171 (MUWebControl Class)

O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{842C711C-8A30-4013-ACC5-6B75DA3F6BD8}: NameServer = 212.216.112.112,212.216.176.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}: NameServer = 212.216.112.112,212.216.176.62

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/10/01 16.36.34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2012/07/09 16.16.59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/03/13 20.32.53 | 000,000,000 | ---D | M] - F:\autocad 2011 -- [ NTFS ]

O32 - AutoRun File - [2011/03/13 21.30.48 | 000,000,000 | ---D | M] - F:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2006/01/14 08.22.54 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/14 17.41.33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Franco\Desktop\OTL.exe

[2013/02/14 17.06.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\HitmanPro

[2013/02/08 20.25.47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Franco\Recent

[2013/02/07 17.55.13 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/02/07 11.32.45 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2013/02/07 11.32.45 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2013/02/07 11.32.35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2013/02/07 11.32.35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2013/02/07 11.32.35 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2013/02/07 10.13.54 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox

[2013/02/02 19.36.14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2013/01/31 11.26.27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2013/01/30 18.01.36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2013/01/30 11.41.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\D-Link

[2013/01/30 11.26.47 | 000,270,336 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll

[2013/01/30 11.25.01 | 000,479,360 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Dr71WU98.sys

[2013/01/30 11.25.01 | 000,247,808 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt25u98.sys

[2013/01/28 12.51.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dati applicazioni\Adobe

[2013/01/28 12.44.21 | 005,029,149 | R--- | C] (Swearware) -- C:\Documents and Settings\Franco\Desktop\ComboFix.exe

[2013/01/23 17.33.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Franco\Documenti\NeroVision

[2013/01/21 17.40.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Smart Toolbar Remover

[2013/01/21 17.17.26 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013/01/21 17.04.06 | 000,011,832 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\acpimof.dll

[2013/01/21 16.48.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Autodesk, Inc

[2013/01/21 11.38.48 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Thunderbird

[2013/01/19 12.09.32 | 000,000,000 | ---D | C] -- C:\Programmi\Smart PC Solutions

[2013/01/17 17.48.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Franco\Dati applicazioni\ABBYY

[2013/01/17 17.36.34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\ABBYY FineReader 11

[2013/01/17 16.58.52 | 000,000,000 | ---D | C] -- C:\Programmi\ABBYY FineReader 11

[2013/01/17 16.56.17 | 000,000,000 | ---D | C] -- C:\Programmi\MSXML 6.0

[2013/01/17 12.52.49 | 000,000,000 | ---D | C] -- C:\Downloads

[2013/01/17 12.46.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Franco\Dati applicazioni\Free Download Manager

[2013/01/17 12.46.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Free Download Manager

[2013/01/17 12.45.52 | 000,000,000 | ---D | C] -- C:\Programmi\Free Download Manager

[2013/01/17 12.36.36 | 000,000,000 | ---D | C] -- C:\Temp

[2013/01/17 11.43.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Chrome

[2013/01/17 11.40.16 | 000,000,000 | ---D | C] -- C:\Programmi\Google

[2013/01/16 11.53.38 | 000,000,000 | ---D | C] -- C:\Programmi\Gophoto.it

[2013/01/16 10.33.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Help

[2013/01/16 10.33.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Franco\Dati applicazioni\Help

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/14 17.41.35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Franco\Desktop\OTL.exe

[2013/02/14 17.27.15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/02/14 17.21.08 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/02/14 17.20.48 | 000,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2013/02/14 17.20.43 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}

[2013/02/14 17.20.32 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}

[2013/02/14 17.18.33 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/14 17.18.20 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys

[2013/02/14 17.18.17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/02/14 17.16.04 | 000,001,018 | ---- | M] () -- C:\WINDOWS\System32\.crusader

[2013/02/14 16.55.01 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/14 12.21.47 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME

[2013/02/13 18.06.28 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/02/13 18.00.45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/02/13 17.53.55 | 000,546,418 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat

[2013/02/13 17.53.55 | 000,496,878 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/02/13 17.53.55 | 000,100,792 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat

[2013/02/13 17.53.55 | 000,085,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/02/13 17.37.49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/02/08 20.22.58 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/02/08 12.28.53 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/02/08 12.28.52 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/02/07 11.32.24 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2013/02/07 11.32.12 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2013/02/07 11.32.12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2013/02/07 11.32.12 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2013/02/07 11.32.10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2013/02/07 11.32.08 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

[2013/02/07 11.32.08 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2013/02/03 11.47.50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/02/03 11.16.11 | 005,029,149 | R--- | M] (Swearware) -- C:\Documents and Settings\Franco\Desktop\ComboFix.exe

[2013/02/02 19.52.29 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2013/01/30 18.04.12 | 000,000,452 | RHS- | M] () -- C:\Documents and Settings\Franco\ntuser.pol

[2013/01/30 17.51.26 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2013/01/30 11.41.01 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk

[2013/01/30 11.29.18 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Franco\Dati applicazioni\ANICONFIG_{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}.ini

[2013/01/27 12.13.18 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guida di rete EPSON SX235 Series.lnk

[2013/01/27 12.12.56 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guida utente EPSON SX235 Series.lnk

[2013/01/27 12.01.24 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk

[2013/01/26 04.55.42 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll

[2013/01/23 17.26.17 | 000,043,062 | ---- | M] () -- C:\Documents and Settings\Franco\Documenti\UserImages.bmp

[2013/01/22 16.56.55 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI

[2013/01/22 16.55.54 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2013/01/22 11.41.57 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HD ADeck.lnk

[2013/01/21 17.45.31 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/01/21 17.45.30 | 000,002,933 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/01/21 17.32.50 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Franco\Documenti\acad.err

[2013/01/21 17.04.07 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Live Update 5.lnk

[2013/01/19 12.09.33 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\Franco\Desktop\Smart Toolbar Remover.lnk

[2013/01/18 12.00.57 | 000,002,435 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ABBYY FineReader 11.lnk

[2013/01/17 12.46.02 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Franco\Desktop\Free Download Manager.lnk

[2013/01/16 10.29.16 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab

[2013/01/16 10.25.16 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimDrivers.lnk

[2013/01/16 09.42.03 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Franco\Desktop\PC Wizard 2012.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/14 17.16.04 | 000,001,018 | ---- | C] () -- C:\WINDOWS\System32\.crusader

[2013/02/14 17.08.20 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys

[2013/02/13 17.56.54 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2013/01/30 18.04.11 | 000,000,452 | RHS- | C] () -- C:\Documents and Settings\Franco\ntuser.pol

[2013/01/30 16.58.33 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME

[2013/01/30 11.41.01 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk

[2013/01/30 11.28.09 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Franco\Dati applicazioni\ANICONFIG_{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}.ini

[2013/01/30 11.27.10 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}

[2013/01/30 11.27.00 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}

[2013/01/30 11.26.58 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe

[2013/01/30 11.25.44 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe

[2013/01/30 11.25.43 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll

[2013/01/30 11.25.01 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\rt73.bin

[2013/01/23 17.26.17 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\Franco\Documenti\UserImages.bmp

[2013/01/21 17.26.26 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Franco\Documenti\acad.err

[2013/01/21 17.04.07 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Live Update 5.lnk

[2013/01/21 16.55.37 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\Franco\Menu Avvio\Programmi\Esecuzione automatica\reminder-ScanSoft Product Registration.lnk

[2013/01/19 12.09.33 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\Franco\Desktop\Smart Toolbar Remover.lnk

[2013/01/17 17.36.35 | 000,002,435 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ABBYY FineReader 11.lnk

[2013/01/17 12.46.02 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Franco\Desktop\Free Download Manager.lnk

[2013/01/17 11.43.41 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2013/01/17 11.40.21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/17 11.40.20 | 000,001,126 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/16 09.42.03 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Franco\Desktop\PC Wizard 2012.lnk

[2012/12/27 19.10.25 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/01 18.50.43 | 001,114,422 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-606747145-1844237615-839522115-1003-0.dat

[2012/10/01 18.50.42 | 000,384,438 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat

[2012/10/01 18.10.56 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft.SqlServer.Compact.351.32.bc

[2012/07/25 09.13.22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/07/25 09.13.22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/07/25 09.13.22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/07/25 09.13.22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/07/25 09.13.22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/07/20 19.49.46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll

[2012/07/20 19.49.46 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI

[2012/07/20 19.49.46 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini

[2012/07/20 19.48.51 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

[2012/07/18 11.16.00 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\Franco\default.pls

[2012/07/18 11.15.42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2012/07/17 16.37.04 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll

[2012/07/17 16.37.03 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys

[2012/07/17 16.37.03 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys

[2012/07/17 16.33.25 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll

[2012/07/17 16.33.25 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll

[2012/07/17 16.33.25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll

[2012/07/17 16.33.25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll

[2012/07/17 16.33.24 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll

[2012/07/17 13.43.16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2012/07/16 17.27.03 | 000,000,179 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2012/07/16 17.26.48 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\Pixpcz.dll

[2012/07/16 17.26.48 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\Pixpnr.dll

[2012/07/16 17.26.48 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\Setbrows.exe

[2012/07/16 16.26.13 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll

[2012/07/16 16.26.13 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys

[2012/07/16 16.26.13 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys

[2012/07/16 16.26.12 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll

[2012/07/16 16.26.12 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll

[2012/07/16 16.26.12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll

[2012/07/16 16.20.33 | 000,151,552 | R--- | C] () -- C:\WINDOWS\UnUSBDrv.exe

[2012/07/14 09.50.45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/07/13 19.17.38 | 000,024,500 | ---- | C] () -- C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\census.cache

[2012/07/13 19.17.37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\ars.cache

[2012/07/13 18.37.34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\housecall.guid.cache

[2012/07/11 18.32.03 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2012/07/10 16.44.20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2012/07/10 14.30.28 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll

[2012/07/10 14.30.28 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll

[2012/07/09 21.41.29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012/07/09 21.40.14 | 000,379,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/09 19.50.30 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2012/07/09 19.50.30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2012/07/09 16.33.01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/07/09 16.32.54 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2012/07/09 16.32.54 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/07/09 16.32.54 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2012/07/09 16.19.16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/09 16.14.00 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/07/09 16.31.39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18.13.52 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 11.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/02 16.57.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk

[2012/07/14 17.54.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software

[2012/07/24 11.12.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DriverGenius

[2012/07/17 13.24.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON

[2012/07/10 19.28.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\eSobi

[2012/07/14 10.44.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\GFI Software

[2012/07/20 19.48.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Gigabyte Driver

[2013/02/14 17.16.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\HitmanPro

[2012/07/10 14.48.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX

[2012/07/17 12.10.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL

[2012/07/14 10.45.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\Ad-Aware Antivirus

[2012/12/02 16.57.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\Autodesk

[2012/07/10 19.25.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/07/21 17.13.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\Easeware

[2013/02/07 17.38.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\Epson

[2012/07/10 19.28.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\eSobi

[2013/01/18 17.30.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\Free Download Manager

[2012/07/10 19.27.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\MAGIX

[2012/08/30 10.50.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\MSI

[2012/07/14 12.25.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\OpenOffice.org

[2012/07/12 18.39.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\Oracle

[2012/07/10 18.46.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\Thunderbird

[2012/07/22 16.54.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Franco\Dati applicazioni\UpdateStar Drivers

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2004/08/19 14.39.36 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=178D42BD8FC34A9837417A6CE1D6BB7B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008/04/13 18.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\erdnt\cache\explorer.exe

[2008/04/13 18.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\explorer.exe

[2008/04/13 18.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/09 12.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\erdnt\cache\services.exe

[2009/02/09 12.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/09 12.22.49 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=26845F272435302E0F3322E660A24F7D -- C:\WINDOWS\system32\services.exe

[2009/02/09 12.14.45 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C79FEAE2F68982259907AB52B0F2676F -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/13 18.14.20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=DAC0440C89B1EA4E35684896D5BF856E -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2008/04/13 18.14.20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=DAC0440C89B1EA4E35684896D5BF856E -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2004/08/19 14.39.46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=E77F6FA2A15390F1727F4C1C55B69DA6 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >

[2004/08/19 14.39.46 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=73955B04F209D8A1C633867841267A96 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[2008/04/13 18.14.22 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\erdnt\cache\svchost.exe

[2008/04/13 18.14.22 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

[2008/04/13 18.14.22 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >

[2004/08/19 14.39.46 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=C1E7FE19F98A877BF8F941BF48148695 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 18.14.24 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\erdnt\cache\userinit.exe

[2008/04/13 18.14.24 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 18.14.24 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/19 14.39.46 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=4166454E2BCFCC20D1B8A5AC9FEAB243 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/13 18.14.26 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\erdnt\cache\winlogon.exe

[2008/04/13 18.14.26 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 18.14.26 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives

---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: ST500DM002-1BD142

Partitions: 2

Status: OK

Status Info: 0

Drive: \\.\PHYSICALDRIVE1 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: Maxtor 6L160M0

Partitions: 2

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 319,00GB

Starting Offset: 32256

Hidden sectors: 0

DeviceID: Disk #0, Partition #1

PartitionType: Extended w/Extended Int 13

Bootable: False

BootPartition: False

PrimaryPartition: False

Size: 146,00GB

Starting Offset: 342813219840

Hidden sectors: 0

DeviceID: Disk #1, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 45,00GB

Starting Offset: 32256

Hidden sectors: 0

DeviceID: Disk #1, Partition #1

PartitionType: Extended w/Extended Int 13

Bootable: False

BootPartition: False

PrimaryPartition: False

Size: 107,00GB

Starting Offset: 48570278400

Hidden sectors: 0

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction

[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\VC_RED.cab:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\install.res.1040.dll:SummaryInformation

< End of report >

OTL Extras logfile created on: 14/02/2013 17.43.52 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Franco\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,92% Memory free

5,09 Gb Paging File | 4,14 Gb Available in Paging File | 81,37% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 319,27 Gb Total Space | 277,33 Gb Free Space | 86,86% Space Free | Partition Type: NTFS

Drive E: | 146,48 Gb Total Space | 140,97 Gb Free Space | 96,23% Space Free | Partition Type: NTFS

Drive F: | 45,23 Gb Total Space | 12,00 Gb Free Space | 26,53% Space Free | Partition Type: NTFS

Drive G: | 107,42 Gb Total Space | 89,77 Gb Free Space | 83,57% Space Free | Partition Type: NTFS

Computer Name: PRIVATO-1595252 | User Name: Franco | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programmi\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"50248:TCP" = 50248:TCP:*:Enabled:Autodesk Content Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

"C:\Programmi\Mozilla Thunderbird\thunderbird.exe" = C:\Programmi\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)

"C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe" = C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe:*:Enabled:HD ADeck -- (VIA Technologies, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Programmi\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"C:\Programmi\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programmi\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe" = C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)

"C:\Programmi\Epson Software\Event Manager\EEventManager.exe" = C:\Programmi\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5

"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.02

"{02C5C4FD-C9F0-95E8-AEA2-43BB7FE8B54E}" = CCC Help French

"{04CCCE69-44A9-0F70-A49A-AFE567EEB407}" = CCC Help Finnish

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0E07E96A-7520-4C1A-BE34-9A2A5F2F0F89}" = GIGABYTE Gigabyte Wireless Adapter

"{0EBC64E8-E24F-4288-10ED-0D488D8F693F}" = CCC Help Chinese Standard

"{0FAEAB3B-9D37-A8E8-7CA4-77B330F8ECD8}" = CCC Help Thai

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013

"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013

"{1715FAC3-C163-77A3-FDF9-46A14DC47E3B}" = Catalyst Control Center Localization All

"{17392354-CD68-6544-693C-354BC56123C3}" = CCC Help Russian

"{1E6875D5-5A1D-4569-840F-371FF391A4CE}" = ScanButton

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2559CE47-AED1-942C-DC17-6F502EA91095}" = CCC Help Turkish

"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13

"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{31DED192-9695-4FBD-68DB-D6602B683409}" = CCC Help Spanish

"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack

"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B06D2EF-BCBE-4E3F-87C6-8931736ED4FF}" = PriMus Trial Version

"{3BFED551-630D-4C5E-A90F-A6B7E9CF3CA0}" = PriMus-DCF v.NEXT GENERATION©

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{4344E211-F621-3870-9A08-2F56C71BA0A7}" = Microsoft .NET Framework 4 Extended ITA Language Pack

"{43721AA3-4ACA-CFD6-31EC-1196D36428CE}" = Catalyst Control Center Graphics Previews Common

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B0676CF-DA9C-4222-38D2-0DDE8B63AD81}" = ccc-utility

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{4EBE8D8A-4038-0FA3-D384-EEB11884F492}" = CCC Help Polish

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{544EE134-0CA1-2567-1F19-F04927E3AE1A}" = CCC Help Norwegian

"{5783F2D7-B001-0000-0002-0060B0CE6BBA}" = AutoCAD 2013 – Italiano (Italian)

"{5783F2D7-B001-0410-1002-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - Italiano (Italian)

"{5783F2D7-B001-0410-2002-0060B0CE6BBA}" = AutoCAD 2013 – Italiano (Italian)

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{5E0AB036-8961-05F5-82C7-5FD31082B2C5}" = Catalyst Control Center InstallProxy

"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110

"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service

"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack

"{62FB45B4-AB34-121F-454A-74A4C69BCD29}" = Catalyst Control Center

"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive

"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9

"{6B55E2EE-BEE5-073B-546F-37FCB9DE4F26}" = CCC Help Portuguese

"{6D6F6DEA-EE8B-CE2B-474E-0AB055611040}" = Nero 7 Demo

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7976490A-CF6B-5FE6-9A7D-565B4E98A3EC}" = CCC Help Japanese

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service

"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Plug-in Autodesk Inventor Fusion per AutoCAD 2013

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83EB9ACE-CDB8-9C78-CE3B-A3BFF5BE5E54}" = CCC Help Hungarian

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B079C58-860B-4715-BDEC-5FBAAB1719AF}" = Browser Configuration Utility

"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager

"{90140000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 14

"{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010

"{90140000-0015-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010

"{90140000-0016-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010

"{90140000-0018-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010

"{90140000-0019-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010

"{90140000-001A-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010

"{90140000-001B-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010

"{90140000-002C-0410-0000-0000000FF1CE}_Office14.SingleImage_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010

"{90140000-006E-0410-0000-0000000FF1CE}_Office14.SingleImage_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010

"{90140000-00A1-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{921D7747-1DA0-55A1-61BA-A37E163E5195}" = CCC Help German

"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A89DA11B-43A6-B413-B2A6-CA64A13315AC}" = CCC Help Danish

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Italiano

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ADECE334-90F5-29D4-C64C-96BCF2835471}" = CCC Help Chinese Traditional

"{AFCA8FBA-8F54-B404-51A0-1C26981CCC02}" = CCC Help Italian

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{BA6B2F47-6D64-9FD5-8657-A1CD4F6504FF}" = CCC Help Korean

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0A1E07E-A2EA-E9B0-FC55-ECD6F547136B}" = AMD Catalyst Install Manager

"{C5E1FD6E-6CBF-8288-4EFF-449F16333EB4}" = CCC Help Greek

"{C7655E09-ADE6-4ACD-A696-CA7BC2F88116}" = SlimDrivers

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5E16D1-B084-4778-A5C2-BA5A49158475}" = MiraScan V5.01

"{D998DDD7-F4E7-7150-9BD9-3A057F1C35D1}" = CCC Help English

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync

"{EF13B9FD-8B50-82BD-7F27-4E75B87A4020}" = CCC Help Dutch

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F11000FE-0010-0000-0000-074957833700}" = ABBYY FineReader 11

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{FA7547A3-26EA-5EA5-8493-6DA995BB8692}" = CCC Help Swedish

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie

"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security

"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Language Pack del plug-in Autodesk Inventor Fusion per AutoCAD 2013

"{FFF5619F-2013-0032-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013

"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AutoCAD 2013 – Italiano (Italian)" = AutoCAD 2013 – Italiano (Italian)

"AutoCAD 2013 – Italiano (Italian) SP1.1" = AutoCAD 2013 – Italiano (Italian) SP1.1

"Autodesk Content Service" = Autodesk Content Service

"Autodesk Design Review 2013" = Autodesk Design Review 2013

"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"CodFree 5.00_is1" = CodFree 5.00 - Codice Fiscale

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"DMX5_is1" = DriverMax 6

"EPSON Scanner" = EPSON Scan

"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall

"EPSON SX235 Series Netg" = Guida di rete EPSON SX235 Series

"EPSON SX235 Series Useg" = Guida utente EPSON SX235 Series

"Free Download Manager_is1" = Free Download Manager 3.9

"Google Chrome" = Google Chrome

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Manager Piattaforma

"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended ITA Language Pack" = Microsoft .NET Framework 4 Extended - Language Pack (ITA)

"Mozilla Firefox 18.0.2 (x86 it)" = Mozilla Firefox 18.0.2 (x86 it)

"Mozilla Thunderbird 17.0.2 (x86 it)" = Mozilla Thunderbird 17.0.2 (x86 it)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.SingleImage" = Microsoft Office Professional 2010

"PC Wizard 2012_is1" = PC Wizard 2012.2.11

"Plug-in Autodesk Inventor Fusion per AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013

"Smart Toolbar Remover_is1" = Smart Toolbar Remover v2.1

"TextBridge Pro 9.0" = TextBridge Pro 9.0

"TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR gestione archivi

"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/02/2013 12.08.47 | Computer Name = PRIVATO-1595252 | Source = Application Error | ID = 1000

Description = Applicazione che ha provocato l'errore ANIWZCSdS.exe, versione 1.0.4.9194,

modulo che ha provocato l'errore user32.dll, versione 5.1.2600.5512, indirizzo

errore 0x00014acd.

Error - 12/02/2013 12.09.11 | Computer Name = PRIVATO-1595252 | Source = Autodesk Content Service | ID = 0

Description = Impossibile avviare il servizio. System.IO.FileNotFoundException:

Impossibile caricare il file o l'assembly 'log4net, Version=1.2.10.0, Culture=neutral,

PublicKeyToken=1b44e1d426115821' o una delle relative dipendenze. Impossibile trovare

il file specificato. Nome file: 'log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=1b44e1d426115821'

in Connect.Logging.Logger.Error(Object message) in Connect.IVault.IVault.OnStart(String[]

args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

AVV:

la registrazione dell'associazione di assembly è disattivata. Per abilitare la registrazione

degli errori di associazione di assembly, impostare il valore del Registro di sistema

[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) su 1. Nota: alcune penalità di

prestazione sono associate alla registrazione degli errori di associazione di assembly.

Per

disattivare la funzionalità, rimuovere il valore del Registro di sistema [HKLM\Software\Microsoft\Fusion!EnableLog].

Error - 12/02/2013 12.11.17 | Computer Name = PRIVATO-1595252 | Source = PowerOffer Upd Service | ID = 0

Description = Service cannot be started. Handle non valido

Error - 13/02/2013 12.38.20 | Computer Name = PRIVATO-1595252 | Source = Autodesk Content Service | ID = 0

Description = Impossibile avviare il servizio. System.IO.FileNotFoundException:

Impossibile caricare il file o l'assembly 'log4net, Version=1.2.10.0, Culture=neutral,

PublicKeyToken=1b44e1d426115821' o una delle relative dipendenze. Impossibile trovare

il file specificato. Nome file: 'log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=1b44e1d426115821'

in Connect.Logging.Logger.Error(Object message) in Connect.IVault.IVault.OnStart(String[]

args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

AVV:

la registrazione dell'associazione di assembly è disattivata. Per abilitare la registrazione

degli errori di associazione di assembly, impostare il valore del Registro di sistema

[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) su 1. Nota: alcune penalità di

prestazione sono associate alla registrazione degli errori di associazione di assembly.

Per

disattivare la funzionalità, rimuovere il valore del Registro di sistema [HKLM\Software\Microsoft\Fusion!EnableLog].

Error - 13/02/2013 13.07.08 | Computer Name = PRIVATO-1595252 | Source = Autodesk Content Service | ID = 0

Description = Impossibile avviare il servizio. System.IO.FileNotFoundException:

Impossibile caricare il file o l'assembly 'log4net, Version=1.2.10.0, Culture=neutral,

PublicKeyToken=1b44e1d426115821' o una delle relative dipendenze. Impossibile trovare

il file specificato. Nome file: 'log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=1b44e1d426115821'

in Connect.Logging.Logger.Error(Object message) in Connect.IVault.IVault.OnStart(String[]

args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

AVV:

la registrazione dell'associazione di assembly è disattivata. Per abilitare la registrazione

degli errori di associazione di assembly, impostare il valore del Registro di sistema

[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) su 1. Nota: alcune penalità di

prestazione sono associate alla registrazione degli errori di associazione di assembly.

Per

disattivare la funzionalità, rimuovere il valore del Registro di sistema [HKLM\Software\Microsoft\Fusion!EnableLog].

Error - 14/02/2013 7.22.11 | Computer Name = PRIVATO-1595252 | Source = Autodesk Content Service | ID = 0

Description = Impossibile avviare il servizio. System.IO.FileNotFoundException:

Impossibile caricare il file o l'assembly 'log4net, Version=1.2.10.0, Culture=neutral,

PublicKeyToken=1b44e1d426115821' o una delle relative dipendenze. Impossibile trovare

il file specificato. Nome file: 'log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=1b44e1d426115821'

in Connect.Logging.Logger.Error(Object message) in Connect.IVault.IVault.OnStart(String[]

args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

AVV:

la registrazione dell'associazione di assembly è disattivata. Per abilitare la registrazione

degli errori di associazione di assembly, impostare il valore del Registro di sistema

[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) su 1. Nota: alcune penalità di

prestazione sono associate alla registrazione degli errori di associazione di assembly.

Per

disattivare la funzionalità, rimuovere il valore del Registro di sistema [HKLM\Software\Microsoft\Fusion!EnableLog].

Error - 14/02/2013 11.54.03 | Computer Name = PRIVATO-1595252 | Source = Autodesk Content Service | ID = 0

Description = Impossibile avviare il servizio. System.IO.FileNotFoundException:

Impossibile caricare il file o l'assembly 'log4net, Version=1.2.10.0, Culture=neutral,

PublicKeyToken=1b44e1d426115821' o una delle relative dipendenze. Impossibile trovare

il file specificato. Nome file: 'log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=1b44e1d426115821'

in Connect.Logging.Logger.Error(Object message) in Connect.IVault.IVault.OnStart(String[]

args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

AVV:

la registrazione dell'associazione di assembly è disattivata. Per abilitare la registrazione

degli errori di associazione di assembly, impostare il valore del Registro di sistema

[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) su 1. Nota: alcune penalità di

prestazione sono associate alla registrazione degli errori di associazione di assembly.

Per

disattivare la funzionalità, rimuovere il valore del Registro di sistema [HKLM\Software\Microsoft\Fusion!EnableLog].

Error - 14/02/2013 11.55.57 | Computer Name = PRIVATO-1595252 | Source = PowerOffer Upd Service | ID = 0

Description = Service cannot be started. Handle non valido

Error - 14/02/2013 12.18.53 | Computer Name = PRIVATO-1595252 | Source = Autodesk Content Service | ID = 0

Description = Impossibile avviare il servizio. System.IO.FileNotFoundException:

Impossibile caricare il file o l'assembly 'log4net, Version=1.2.10.0, Culture=neutral,

PublicKeyToken=1b44e1d426115821' o una delle relative dipendenze. Impossibile trovare

il file specificato. Nome file: 'log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=1b44e1d426115821'

in Connect.Logging.Logger.Error(Object message) in Connect.IVault.IVault.OnStart(String[]

args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

AVV:

la registrazione dell'associazione di assembly è disattivata. Per abilitare la registrazione

degli errori di associazione di assembly, impostare il valore del Registro di sistema

[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) su 1. Nota: alcune penalità di

prestazione sono associate alla registrazione degli errori di associazione di assembly.

Per

disattivare la funzionalità, rimuovere il valore del Registro di sistema [HKLM\Software\Microsoft\Fusion!EnableLog].

Error - 14/02/2013 12.20.48 | Computer Name = PRIVATO-1595252 | Source = PowerOffer Upd Service | ID = 0

Description = Service cannot be started. Handle non valido

[ System Events ]

Error - 14/02/2013 7.23.59 | Computer Name = PRIVATO-1595252 | Source = Service Control Manager | ID = 7022

Description = Servizio Serv Updater bloccato in partenza.

Error - 14/02/2013 7.23.59 | Computer Name = PRIVATO-1595252 | Source = Service Control Manager | ID = 7026

Description = All'avvio non è stato possibile caricare i seguenti driver: SBRE

Error - 14/02/2013 7.24.45 | Computer Name = PRIVATO-1595252 | Source = ipnathlp | ID = 30013

Description = L'allocatore DHCP si è disabilitato sull'indirizzo IP 192.168.1.7,

poiché

l'indirizzo IP non rientra nell'ambito 192.168.0.0/255.255.255.0 da cui gli indirizzi

vengono allocati ai client DHCP. Per abilitare l'allocatore DHCP su questo indirizzo

IP, modificare l'ambito per includere l'indirizzo IP o modificare l'indirizzo IP

in modo che rientri nell'ambito.

Error - 14/02/2013 11.55.35 | Computer Name = PRIVATO-1595252 | Source = Service Control Manager | ID = 7022

Description = Servizio Serv Updater bloccato in partenza.

Error - 14/02/2013 11.55.35 | Computer Name = PRIVATO-1595252 | Source = Service Control Manager | ID = 7026

Description = All'avvio non è stato possibile caricare i seguenti driver: SBRE

Error - 14/02/2013 11.56.28 | Computer Name = PRIVATO-1595252 | Source = ipnathlp | ID = 30013

Description = L'allocatore DHCP si è disabilitato sull'indirizzo IP 192.168.1.7,

poiché

l'indirizzo IP non rientra nell'ambito 192.168.0.0/255.255.255.0 da cui gli indirizzi

vengono allocati ai client DHCP. Per abilitare l'allocatore DHCP su questo indirizzo

IP, modificare l'ambito per includere l'indirizzo IP o modificare l'indirizzo IP

in modo che rientri nell'ambito.

Error - 14/02/2013 12.20.20 | Computer Name = PRIVATO-1595252 | Source = Service Control Manager | ID = 7022

Description = Servizio Serv Updater bloccato in partenza.

Error - 14/02/2013 12.20.20 | Computer Name = PRIVATO-1595252 | Source = Service Control Manager | ID = 7026

Description = All'avvio non è stato possibile caricare i seguenti driver: SBRE

Error - 14/02/2013 12.20.46 | Computer Name = PRIVATO-1595252 | Source = Service Control Manager | ID = 7024

Description = Servizio HitmanPro 3.7 Crusader (Boot) terminato. Errore specifico

del servizio 0 (0x0).

Error - 14/02/2013 12.20.48 | Computer Name = PRIVATO-1595252 | Source = ipnathlp | ID = 30013

Description = L'allocatore DHCP si è disabilitato sull'indirizzo IP 192.168.1.7,

poiché

l'indirizzo IP non rientra nell'ambito 192.168.0.0/255.255.255.0 da cui gli indirizzi

vengono allocati ai client DHCP. Per abilitare l'allocatore DHCP su questo indirizzo

IP, modificare l'ambito per includere l'indirizzo IP o modificare l'indirizzo IP

in modo che rientri nell'ambito.

< End of report >

aswMBR.txt

MBR.zip

Hi francocamoli :)

Run OTL.exe.

  • Copy and paste the text inside the quote box into Custom Scans/Fixes.

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzu...q={SearchTerms}
IE - HKCU\..\SearchScopes\{B4251155-7D25-4dbe-8868-EA6FF830C8BD}: "URL" = http://search.chatzu...q={searchTerms}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
[2013/02/14 17.20.48 | 000,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

:Files
ipconfig /flushdns /c

:Commands
[EMPTYFLASH]
[RESETHOST]
[CREATERESTOREPOINT]
[REBOOT]

  • Then click Fix Run at the top.
  • Let the program do its work without interruption; when it has finished, it will restart automatically. Otherwise, please restart the system manually.
    Post the log that it produces.

Next

Download AdwCleaner by Xplode to your desktop.

Close all programs and open web pages.

Double-click AdwCleaner.exe to run the tool.

Click Elimina (Delete).

Confirm each time with OK.

The computer will restart automatically. A text file will open after the restart.

Please post the contents of that log file in your next reply.

You can also find the log file at C:\AdwCleaner[s1].txt

Then

Disable your antivirus and antispyware, usually by right-clicking the notification icon in the system tray. They can interfere with these tools. Note: if you have trouble disabling your protection programs correctly, or are unsure which programs need to be disabled, refer to the information available at this link: How to disable security programs

====================================================

Double-click combofix.exe & follow the prompts

When finished, the program will produce a log. Include C:\ComboFix.txt in your next reply for further review

In your next reply, include

OTL log from the script

AdwCleaner log

ComboFix log

Do not attach; copy and paste the contents of each log

I'm attaching the results as requested:

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B4251155-7D25-4dbe-8868-EA6FF830C8BD}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4251155-7D25-4dbe-8868-EA6FF830C8BD}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

C:\WINDOWS\system32\drivers\etc\hosts.ics moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Configurazione IP di Windows

Svuotata la cache del resolver DNS.

C:\Documents and Settings\Franco\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Franco\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: Franco

->Flash cache emptied: 36801 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[RESETHOST]> in the current context!

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02162013_082843

# AdwCleaner v2.112 - Logfile creato il 16/02/2013 alle 08:43:15

# Aggiornamento 10/02/2013 by Xplode

# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)

# Utente : Franco - PRIVATO-1595252

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Documents and Settings\Franco\Documenti\Downloads\adwcleaner0.exe

# Opzioni [Elimina]

***** [servizi] *****

***** [File / Cartelle] *****

File Eliminato : C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\searchplugins\Search-web.xml

File Eliminato : C:\END

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Crossrider

Chiave Eliminata : HKCU\Software\InstallCore

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Chiave Eliminata : HKCU\Software\Softonic

Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Chiave Eliminata : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Chiave Eliminata : HKLM\Software\Iminent

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

-\\ Mozilla Firefox v18.0.2 (it)

File : C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\prefs.js

C:\Documents and Settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\user.js ... Eliminato !

Eliminata : user_pref("extensions.wajam.affiliate_id", "3004");

Eliminata : user_pref("extensions.wajam.firstrun", "false");

Eliminata : user_pref("extensions.wajam.log_send_info", "false");

Eliminata : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]

Eliminata : user_pref("extensions.wajam.no_trace", "false");

Eliminata : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");

Eliminata : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]

Eliminata : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]

Eliminata : user_pref("extensions.wajam.trace_log", "");

Eliminata : user_pref("extensions.wajam.unique_id", "7BF5DF6DE6CDA5EA42FCB08C0310422A");

Eliminata : user_pref("extensions.wajam.user_current_mapping_version", "0");

Eliminata : user_pref("extensions.wajam.version", "1.25");

Eliminata : user_pref("id_chatzum.firstlaunch", "0");

Eliminata : user_pref("id_chatzum.guid", "%7BCA8D6A63-514D-DB83-D627-DF7138A7702D%7D");

Eliminata : user_pref("id_chatzum.hiddenvisual", 0);

Eliminata : user_pref("id_chatzum.oldHomepage", "");

Eliminata : user_pref("id_chatzum.openSearchEngineName", "Google");

Eliminata : user_pref("id_chatzum.searchengine", "Google");

Eliminata : user_pref("id_chatzum.variables.SVar1", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar10", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar2", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar3", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar4", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar5", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar6", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar7", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar8", "%13");

Eliminata : user_pref("id_chatzum.variables.SVar9", "%13");

Eliminata : user_pref("id_chatzum.variables.Var1", "0");

Eliminata : user_pref("id_chatzum.variables.Var10", "0");

Eliminata : user_pref("id_chatzum.variables.Var2", "0");

Eliminata : user_pref("id_chatzum.variables.Var3", "0");

Eliminata : user_pref("id_chatzum.variables.Var4", "0");

Eliminata : user_pref("id_chatzum.variables.Var5", "0");

Eliminata : user_pref("id_chatzum.variables.Var6", "0");

Eliminata : user_pref("id_chatzum.variables.Var7", "0");

Eliminata : user_pref("id_chatzum.variables.Var8", "0");

Eliminata : user_pref("id_chatzum.variables.Var9", "0");

Eliminata : user_pref("id_chatzum_installed_version", "1.0.15");

Eliminata : user_pref("id_chatzum_tabpage", "");

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[s1].txt - [4751 octets] - [16/02/2013 08:43:15]

########## EOF - C:\AdwCleaner[s1].txt - [4811 octets] ##########

ComboFix 13-02-15.01 - Franco 16/02/2013 8.56.30.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2743 [GMT 1:00]

Eseguito da: c:\documents and settings\Franco\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

.

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Creati Da 2013-01-16 al 2013-02-16 )))))))))))))))))))))))))))))))))))

.

.

2013-02-16 07:28 . 2013-02-16 07:28 -------- d-----w- C:\_OTL

2013-02-14 16:08 . 2013-02-14 16:18 30616 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys

2013-02-14 16:06 . 2013-02-14 16:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro

2013-02-13 17:06 . 2013-02-13 17:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2013-02-07 10:32 . 2013-02-07 10:32 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-02-07 10:32 . 2013-02-07 10:32 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-02-02 18:36 . 2013-02-02 18:36 -------- d-----w- c:\windows\system32\NtmsData

2013-01-30 17:01 . 2013-01-30 17:01 -------- d--h--w- c:\windows\system32\GroupPolicy

2013-01-30 10:26 . 2009-07-07 19:10 151552 ----a-w- c:\windows\system32\ANIWConnService.exe

2013-01-30 10:26 . 2009-09-07 13:58 270336 ----a-w- c:\windows\system32\wnicapi.dll

2013-01-30 10:25 . 2009-02-26 10:22 237568 ----a-w- c:\windows\system32\ANIWPS.exe

2013-01-30 10:25 . 2009-09-02 10:00 733184 ----a-w- c:\windows\system32\ANIOWPS.dll

2013-01-30 10:25 . 2009-07-17 15:23 479360 ----a-w- c:\windows\system32\Dr71WU98.sys

2013-01-30 10:25 . 2007-05-12 13:44 247808 ----a-w- c:\windows\system32\rt25u98.sys

2013-01-30 10:25 . 2005-11-18 14:21 2048 ----a-w- c:\windows\system32\rt73.bin

2013-01-21 16:41 . 2013-01-21 16:41 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-21 16:04 . 2012-08-22 09:19 11832 ----a-w- c:\windows\acpimof.dll

2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Autodesk, Inc

2013-01-21 10:38 . 2013-01-21 16:40 -------- d-----w- c:\programmi\Mozilla Thunderbird

2013-01-19 11:09 . 2013-01-19 11:09 -------- d-----w- c:\programmi\Smart PC Solutions

2013-01-17 16:48 . 2013-01-17 16:48 -------- d-----w- c:\documents and settings\Franco\Dati applicazioni\ABBYY

2013-01-17 15:58 . 2013-01-18 11:40 -------- d-----w- c:\programmi\ABBYY FineReader 11

2013-01-17 15:56 . 2013-01-17 15:56 -------- d-----w- c:\programmi\MSXML 6.0

2013-01-17 11:52 . 2013-01-17 17:40 -------- d-----w- C:\Downloads

2013-01-17 11:46 . 2013-01-18 16:30 -------- d-----w- c:\documents and settings\Franco\Dati applicazioni\Free Download Manager

2013-01-17 11:45 . 2013-01-17 11:46 -------- d-----w- c:\programmi\Free Download Manager

2013-01-17 11:36 . 2013-01-17 11:36 -------- d-----w- C:\Temp

2013-01-17 10:40 . 2013-01-17 10:43 -------- d-----w- c:\programmi\Google

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-08 11:28 . 2012-07-11 17:43 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-08 11:28 . 2012-07-11 17:43 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-07 10:32 . 2012-07-12 17:39 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-07 10:32 . 2012-07-12 17:39 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-26 03:55 . 2004-08-19 13:39 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-22 15:56 . 2008-04-11 08:11 233472 ----a-w- C:\VC_RED.MSI

2013-01-22 15:55 . 2008-04-11 06:03 95248 ----a-w- C:\install.res.1040.dll

2013-01-07 07:24 . 2004-08-19 15:34 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-07 07:24 . 2004-08-19 13:34 2196736 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 10:09 . 2004-08-19 13:31 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-19 13:39 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2004-08-19 13:39 1297408 ----a-w- c:\windows\system32\quartz.dll

2012-12-26 20:06 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:06 . 2004-08-19 13:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-26 20:06 . 2004-08-19 13:39 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-24 06:41 . 2004-08-19 13:26 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:23 . 2004-08-19 13:37 290560 ----a-w- c:\windows\system32\atmfd.dll

2013-02-07 09:14 . 2013-02-07 09:13 262552 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"BCU"="c:\programmi\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]

"HDAudDeck"="c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe" [2011-06-24 41101936]

"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]

"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]

"Autodesk Sync"="c:\programmi\Autodesk\Autodesk Sync\AdSync.exe" [2012-07-25 387048]

"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]

"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]

"RegisterDropHandler"="c:\programmi\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe" [bU]

"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

c:\documents and settings\Franco\Menu Avvio\Programmi\Esecuzione automatica\

reminder-ScanSoft Product Registration.lnk - c:\programmi\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe [2012-7-16 45056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Gigabyte Wireless Utility.lnk]

path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Gigabyte Wireless Utility.lnk

backup=c:\windows\pss\Gigabyte Wireless Utility.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]

2012-09-17 02:06 1348176 ----a-w- c:\programmi\ABBYY FineReader 11\Bonus.ScreenshotReader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D4FA186C7C3D35A290E347A94C5158F1409C0725._service_run]

2013-01-26 02:35 1248208 ----a-w- c:\programmi\Google\Chrome\Application\chrome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]

2012-06-19 16:46 11324352 ----a-w- c:\programmi\Innovative Solutions\DriverMax\drivermax.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2010-10-12 11:56 979328 ----a-w- c:\programmi\Epson Software\Event Manager\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000000]

2013-01-27 10:59 249440 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIHLE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5]

2012-01-30 09:02 315392 ----a-w- c:\programmi\MSI\Live Update 5\BootStartLiveupdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RalinkRegistryWriter"=2 (0x2)

"BCUService"=2 (0x2)

"AODService"=2 (0x2)

"ABBYY.Licensing.FineReader.Sprint.9.0"=2 (0x2)

"ABBYY.Licensing.FineReader.Professional.11.0"=2 (0x2)

"gupdatem"=3 (0x3)

"gupdate"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

"c:\\Programmi\\Mozilla Thunderbird\\thunderbird.exe"=

"c:\\Programmi\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Documents and Settings\\Franco\\Impostazioni locali\\Dati applicazioni\\Akamai\\netsession_win.exe"=

"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"50248:TCP"= 50248:TCP:Autodesk Content Service

.

R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [22/07/2012 16.15.52 102728]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/07/2012 17.55.37 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14/07/2012 17.55.39 361032]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 22.40.52 497952]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 22.40.52 32640]

R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [30/01/2013 11.26.58 151552]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/07/2012 17.55.39 21256]

R2 cpwnt;cpwnt;c:\windows\system32\drivers\Cpwnt.sys [16/07/2012 16.05.49 21824]

R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [29/03/2011 9.02.24 88688]

R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [20/07/2012 19.49.46 19072]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16/07/2012 19.13.46 103040]

R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [09/07/2012 16.39.08 82032]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [09/07/2012 16.33.57 41728]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/07/2012 14.19.49 2801904]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 Autodesk Content Service;Autodesk Content Service;c:\programmi\Autodesk\Content Service\Connect.Service.ContentService.exe [31/01/2012 9.46.56 19232]

S2 ServUpdater;Serv Updater;c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [23/07/2012 11.49.24 156160]

S3 cpuz135;cpuz135;c:\programmi\CPUID\PC Wizard 2012\pcwiz_x32.sys [16/01/2013 9.41.56 24880]

S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [14/02/2013 17.08.20 30616]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\programmi\MSI\Live Update 5\msibios32_100507.sys --> c:\programmi\MSI\Live Update 5\msibios32_100507.sys [?]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\programmi\MSI\Live Update 5\NTIOLib.sys [21/01/2013 17.04.04 7680]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11/07/2012 18.05.59 27064]

S4 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\programmi\ABBYY FineReader 11\NetworkLicenseServer.exe [19/07/2012 16.07.51 821840]

S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 16.07.14 759048]

S4 AODService;AODService;c:\programmi\AMD\OverDrive\AODAssist.exe [01/07/2010 3.45.02 136616]

S4 BCUService;Browser Configuration Utility Service;c:\programmi\DeviceVM\Browser Configuration Utility\BCUService.exe [15/10/2009 13.11.48 223464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-02 18:49 1607120 ----a-w- c:\programmi\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 11:29]

.

2013-02-16 c:\windows\Tasks\avast! Emergency Update.job

- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-14 22:50]

.

2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2013-01-17 10:40]

.

2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2013-01-17 10:40]

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://it.yahoo.com?fr=fp-comodo

uInternet Settings,ProxyOverride = <local>

IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: I&nvia a OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm

IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm

IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm

IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm

TCP: Interfaces\{842C711C-8A30-4013-ACC5-6B75DA3F6BD8}: NameServer = 212.216.112.112,212.216.176.62

TCP: Interfaces\{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}: NameServer = 212.216.112.112,212.216.176.62

FF - ProfilePath - c:\documents and settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it

FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=ytff-comodo&p=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-01-17 12:46; fdm_ffext@freedownloadmanager.org; c:\programmi\Free Download Manager\Firefox\Extension

.

.

------- Associazioni dei file -------

.

.scr=AutoCADScriptFile

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-16 09:02

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scansione processi nascosti ...

.

scansione entrate autostart nascoste ...

.

Scansione files nascosti ...

.

.

C:\avast! sandbox

.

Scansione completata con successo

Files nascosti: 1

.

**************************************************************************

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_USERS\S-1-5-21-606747145-1844237615-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

.

- - - - - - - > 'winlogon.exe'(1308)

c:\windows\system32\guard32.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'lsass.exe'(1364)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'csrss.exe'(1252)

c:\windows\system32\cmdcsr.dll

.

Ora fine scansione: 2013-02-16 09:05:52

ComboFix-quarantined-files.txt 2013-02-16 08:05

ComboFix2.txt 2013-02-03 11:25

ComboFix3.txt 2013-01-28 12:40

.

Pre-Run: 297.065.021.440 byte disponibili

Post-Run: 297.075.572.736 byte disponibili

.

- - End Of File - - 4424AE82172153C0D8074E09150AA0AF

Hi francocamoli :ciao:

The Recovery Console has not been installed on your machine. We will install it manually now, in case something goes wrong. With tools as powerful as ComboFix it is better not to take risks. Installing the Recovery Console takes only a few minutes.

Please click here

Now download the installation disks corresponding to your version of Windows XP. Please place the file on your desktop.


Disconnect from the internet and disable ALL security software! ComboFix is about to modify some critical system files, and no security software may interfere with this.

Next, drag the Microsoft executable onto ComboFix.


Please follow the instructions that ComboFix gives you. When you are asked whether you want to continue scanning for malware, click


God help us. I did everything as requested; I'm attaching the ComboFix log.

Regards, Francesco.

ComboFix 13-02-15.01 - Franco 17/02/2013 12.19.56.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2718 [GMT 1:00]

Eseguito da: c:\documents and settings\Franco\Desktop\ComboFix.exe

Opzioni usate :: c:\documents and settings\Franco\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Creati Da 2013-01-17 al 2013-02-17 )))))))))))))))))))))))))))))))))))

.

.

2013-02-16 08:28 . 2013-02-16 08:28 -------- d-----w- C:\VritualRoot

2013-02-16 07:28 . 2013-02-16 07:28 -------- d-----w- C:\_OTL

2013-02-14 16:08 . 2013-02-14 16:18 30616 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys

2013-02-14 16:06 . 2013-02-14 16:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro

2013-02-13 17:06 . 2013-02-13 17:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2013-02-07 10:32 . 2013-02-07 10:32 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-02-07 10:32 . 2013-02-07 10:32 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-02-02 18:36 . 2013-02-02 18:36 -------- d-----w- c:\windows\system32\NtmsData

2013-01-30 17:01 . 2013-01-30 17:01 -------- d--h--w- c:\windows\system32\GroupPolicy

2013-01-30 10:26 . 2009-07-07 19:10 151552 ----a-w- c:\windows\system32\ANIWConnService.exe

2013-01-30 10:26 . 2009-09-07 13:58 270336 ----a-w- c:\windows\system32\wnicapi.dll

2013-01-30 10:25 . 2009-02-26 10:22 237568 ----a-w- c:\windows\system32\ANIWPS.exe

2013-01-30 10:25 . 2009-09-02 10:00 733184 ----a-w- c:\windows\system32\ANIOWPS.dll

2013-01-30 10:25 . 2009-07-17 15:23 479360 ----a-w- c:\windows\system32\Dr71WU98.sys

2013-01-30 10:25 . 2007-05-12 13:44 247808 ----a-w- c:\windows\system32\rt25u98.sys

2013-01-30 10:25 . 2005-11-18 14:21 2048 ----a-w- c:\windows\system32\rt73.bin

2013-01-21 16:41 . 2013-01-21 16:41 -------- d-----w- c:\windows\system32\wbem\Repository

2013-01-21 16:04 . 2012-08-22 09:19 11832 ----a-w- c:\windows\acpimof.dll

2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Autodesk, Inc

2013-01-21 10:38 . 2013-01-21 16:40 -------- d-----w- c:\programmi\Mozilla Thunderbird

2013-01-19 11:09 . 2013-01-19 11:09 -------- d-----w- c:\programmi\Smart PC Solutions

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-08 11:28 . 2012-07-11 17:43 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-08 11:28 . 2012-07-11 17:43 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-07 10:32 . 2012-07-12 17:39 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-07 10:32 . 2012-07-12 17:39 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-26 03:55 . 2004-08-19 13:39 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-22 15:56 . 2008-04-11 08:11 233472 ----a-w- C:\VC_RED.MSI

2013-01-22 15:55 . 2008-04-11 06:03 95248 ----a-w- C:\install.res.1040.dll

2013-01-07 07:24 . 2004-08-19 15:34 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-07 07:24 . 2004-08-19 13:34 2196736 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 10:09 . 2004-08-19 13:31 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-19 13:39 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2004-08-19 13:39 1297408 ----a-w- c:\windows\system32\quartz.dll

2012-12-26 20:06 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:06 . 2004-08-19 13:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-26 20:06 . 2004-08-19 13:39 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-24 06:41 . 2004-08-19 13:26 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:23 . 2004-08-19 13:37 290560 ----a-w- c:\windows\system32\atmfd.dll

2013-02-07 09:14 . 2013-02-07 09:13 262552 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"BCU"="c:\programmi\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]

"HDAudDeck"="c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe" [2011-06-24 41101936]

"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]

"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]

"Autodesk Sync"="c:\programmi\Autodesk\Autodesk Sync\AdSync.exe" [2012-07-25 387048]

"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]

"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]

"RegisterDropHandler"="c:\programmi\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe" [bU]

"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

c:\documents and settings\Franco\Menu Avvio\Programmi\Esecuzione automatica\

reminder-ScanSoft Product Registration.lnk - c:\programmi\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe [2012-7-16 45056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Gigabyte Wireless Utility.lnk]

path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Gigabyte Wireless Utility.lnk

backup=c:\windows\pss\Gigabyte Wireless Utility.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]

2012-09-17 02:06 1348176 ----a-w- c:\programmi\ABBYY FineReader 11\Bonus.ScreenshotReader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D4FA186C7C3D35A290E347A94C5158F1409C0725._service_run]

2013-01-26 02:35 1248208 ----a-w- c:\programmi\Google\Chrome\Application\chrome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]

2012-06-19 16:46 11324352 ----a-w- c:\programmi\Innovative Solutions\DriverMax\drivermax.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2010-10-12 11:56 979328 ----a-w- c:\programmi\Epson Software\Event Manager\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5]

2012-01-30 09:02 315392 ----a-w- c:\programmi\MSI\Live Update 5\BootStartLiveupdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RalinkRegistryWriter"=2 (0x2)

"BCUService"=2 (0x2)

"AODService"=2 (0x2)

"ABBYY.Licensing.FineReader.Sprint.9.0"=2 (0x2)

"ABBYY.Licensing.FineReader.Professional.11.0"=2 (0x2)

"gupdatem"=3 (0x3)

"gupdate"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

"c:\\Programmi\\Mozilla Thunderbird\\thunderbird.exe"=

"c:\\Programmi\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Documents and Settings\\Franco\\Impostazioni locali\\Dati applicazioni\\Akamai\\netsession_win.exe"=

"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"50248:TCP"= 50248:TCP:Autodesk Content Service

.

R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [22/07/2012 16.15.52 102728]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/07/2012 17.55.37 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14/07/2012 17.55.39 361032]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 22.40.52 497952]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 22.40.52 32640]

R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [30/01/2013 11.26.58 151552]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/07/2012 17.55.39 21256]

R2 cpwnt;cpwnt;c:\windows\system32\drivers\Cpwnt.sys [16/07/2012 16.05.49 21824]

R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [29/03/2011 9.02.24 88688]

R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [20/07/2012 19.49.46 19072]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16/07/2012 19.13.46 103040]

R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [09/07/2012 16.39.08 82032]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [09/07/2012 16.33.57 41728]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/07/2012 14.19.49 2801904]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 Autodesk Content Service;Autodesk Content Service;c:\programmi\Autodesk\Content Service\Connect.Service.ContentService.exe [31/01/2012 9.46.56 19232]

S2 ServUpdater;Serv Updater;c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [23/07/2012 11.49.24 156160]

S3 cpuz135;cpuz135;c:\programmi\CPUID\PC Wizard 2012\pcwiz_x32.sys [16/01/2013 9.41.56 24880]

S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [14/02/2013 17.08.20 30616]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\programmi\MSI\Live Update 5\msibios32_100507.sys --> c:\programmi\MSI\Live Update 5\msibios32_100507.sys [?]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\programmi\MSI\Live Update 5\NTIOLib.sys [21/01/2013 17.04.04 7680]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11/07/2012 18.05.59 27064]

S4 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\programmi\ABBYY FineReader 11\NetworkLicenseServer.exe [19/07/2012 16.07.51 821840]

S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 16.07.14 759048]

S4 AODService;AODService;c:\programmi\AMD\OverDrive\AODAssist.exe [01/07/2010 3.45.02 136616]

S4 BCUService;Browser Configuration Utility Service;c:\programmi\DeviceVM\Browser Configuration Utility\BCUService.exe [15/10/2009 13.11.48 223464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-02 18:49 1607120 ----a-w- c:\programmi\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 11:29]

.

2013-02-17 c:\windows\Tasks\avast! Emergency Update.job

- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-14 22:50]

.

2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2013-01-17 10:40]

.

2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programmi\Google\Update\GoogleUpdate.exe [2013-01-17 10:40]

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://it.yahoo.com?fr=fp-comodo

uInternet Settings,ProxyOverride = <local>

IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: I&nvia a OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm

IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm

IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm

IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm

TCP: Interfaces\{842C711C-8A30-4013-ACC5-6B75DA3F6BD8}: NameServer = 212.216.112.112,212.216.176.62

TCP: Interfaces\{EE51336A-80D1-4D62-B308-9B5C4EA5E67B}: NameServer = 212.216.112.112,212.216.176.62

FF - ProfilePath - c:\documents and settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\smcqhl0i.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it

FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=ytff-comodo&p=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-01-17 12:46; fdm_ffext@freedownloadmanager.org; c:\programmi\Free Download Manager\Firefox\Extension

.

.

------- Associazioni dei file -------

.

.scr=AutoCADScriptFile

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-17 12:25

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scansione processi nascosti ...

.

scansione entrate autostart nascoste ...

.

Scansione files nascosti ...

.

Scansione completata con successo

Files nascosti: 0

.

**************************************************************************

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_USERS\S-1-5-21-606747145-1844237615-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

.

- - - - - - - > 'winlogon.exe'(1320)

c:\windows\system32\guard32.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'lsass.exe'(1376)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'csrss.exe'(1264)

c:\windows\system32\cmdcsr.dll

.

Ora fine scansione: 2013-02-17 12:26:55

ComboFix-quarantined-files.txt 2013-02-17 11:26

ComboFix2.txt 2013-02-16 08:05

ComboFix3.txt 2013-02-03 11:25

ComboFix4.txt 2013-01-28 12:40

.

Pre-Run: 297.904.553.984 byte disponibili

Post-Run: 297.888.538.624 byte disponibili

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - F207AEC58B77C6BD2B8117677E5F3055


OK, you did a good job :anna:

Download Malwarebytes' Anti-Malware to the desktop.

  • Double-click mbam-setup.exe and follow the instructions to install the program.
  • At the end of the installation, by default, a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; then click Finish.
  • If an update is found, it will be downloaded and installed.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is selected, then click Remove Selected.
  • When everything is complete, a log will open in Notepad.
  • The logs can be found here:
    C:\Documents and Settings\username\Dati Applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log [date].txt
    Or in
    C:\Programmi\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post the log in your next reply

ESET on-line scan

Run a scan with ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  • Check the box next to Yes, I accept the Terms of Use.
  • Click Start
  • When prompted, allow the ActiveX control to install
  • Click Start
  • Make sure the options Remove found threats and Scan unwanted applications are selected
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste the log into your next reply

Let me know how your PC is running, and also list any problems, if there are any


Yesterday, after a seven-hour scan with ESET, I made a terrible mistake: when closing the program I ticked the uninstall box, so it did not save the log. In any case it seems to have found and removed some items related to the Softonic site (perhaps not important). I ran the scan again (another seven hours), even though it is pointless, and this time I saved the log. The PC seems to be running fine; the only problem left is the taskbar, which disappears for about 90 seconds and then reappears (perhaps due to a conflict with some applications at startup).

I'm attaching the Malwarebytes and ESET logs.

Malwarebytes Anti-Malware (Prova) 1.70.0.1100

www.malwarebytes.org

Versione database: v2013.02.18.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Franco :: PRIVATO-1595252 [amministratore]

Protezione: Disattivata

18/02/2013 8.52.06

mbam-log-2013-02-18 (08-52-06).txt

Tipo di scansione: Scansione veloce

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 218089

Tempo impiegato: 9 minuti, 2 secondi

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0

(non sono stati rilevati elementi nocivi)

File rilevati: 0

(non sono stati rilevati elementi nocivi)

(fine)

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=ea8e25c48ededa48b6cbf61713b079f0

# engine=13181

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-02-19 12:44:13

# local_time=2013-02-19 01:44:13 (+0100, ora solare Europa occidentale)

# country="Italy"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=774 16777213 100 94 9022845 137944525 0 0

# compatibility_mode=3074 16777213 100 100 2451845 78239067 0 0

# scanned=230790

# found=0

# cleaned=0

# scan_time=27731

Regards, Francesco


Hi francocamoli

Let me see what JRT finds

Download Junkware Removal Tool to the desktop.

  • Shut down your security software now to avoid potential conflicts
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as administrator".
  • The tool will open and start scanning your system.
  • Please be patient, as this may take a while to complete depending on your system's specifications.
  • When it finishes, a log (JRT.txt) is saved to the desktop and opens automatically
  • Post the contents of JRT.txt in your next message


Greetings from Francesco; I'm attaching the JRT log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.5 (02.18.2013:1)

OS: Microsoft Windows XP x86

Ran by Franco on 20/02/2013 at 12.09.43,01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

Failed to delete: [Registry Key] hkey_classes_root\clsid\{cc59e0f9-7e43-44fa-9faa-8377850bf205}

Failed to delete: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc59e0f9-7e43-44fa-9faa-8377850bf205}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Franco\Dati applicazioni\mozilla\firefox\profiles\smcqhl0i.default\prefs.js

user_pref("extensions.crossrider.bic", "138b4f15c712069ca6b93009063d916f");

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor

user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ

user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\\\:\\\\/\\\\/msxml\\\\.excite\\\\.com\\\\/search\\\\/.*");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20/02/2013 at 12.19.46,31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hi francocamoli

Let me know whether the problems with the taskbar persist


Hello from Francesco.

Yesterday, once the JRT scan had finished, I tried to restart the PC, but it froze: it would not restart, programs opened with a long delay or did not open at all, and the internet was not even worth mentioning. After about half an hour of attempts I forced a restart, but on the next restart everything was the same as before (I noticed that it started up quickly; the problem was shutting down or restarting). Anyway, after another attempt of perhaps an hour to restart (it was stuck on the "please wait, shutting down" screen), I restarted in safe mode, removed selective startup and set normal startup again; after that everything went fine, except for the taskbar, which keeps disappearing and reappearing.

This morning I noticed the same problem; I forced a restart and then everything went fine (except for the taskbar, which appears, then the screen flashes, the taskbar disappears and reappears after the famous 90 seconds or so). At this very moment, as I am writing (I am writing from another PC), I turned on the PC and everything went fine, except for the usual taskbar.

In case it helps: a few days ago, while waiting for your reply and on a friend's advice, I removed all startup programs and all non-Windows, non-system services, and the taskbar problem seemed solved. Then, two or three at a time (because there were too many services and I was afraid to restart for every single service), I re-enabled the services and startup programs, and at a certain point the taskbar started having that problem again, but I could not work out which service was causing the trouble.


Hi francocamoli,

Run these tools:

Please download Windows Repair (all in one) from here

Install the program, then run it

Go to step 2 and run Check Disk


Once that is done, go to step 3 and run SFC


On the Start Repair tab => click Start


Tick the Select All checkbox, then click Start

Do NOT use the computer while the scan is in progress.

A restart may be needed to complete the repair procedure

Afterwards

  • Download ServicesRepair and save it to the desktop
    • Double-click ServicesRepair.exe.
    • If security notifications appear, click Continue or Run, and then click when asked whether you want to proceed.
    • Once the tool has finished, you will be prompted to restart the computer. Click to restart.
    • A log will be saved in the CCSupport folder that the tool creates on the desktop; please post its contents in your next reply.


I ran Windows Repair, but I think it ruined everything: on restart the screen appeared with the taskbar fixed in place and all the icons, but I could not click on anything. I tried to open Task Manager with Ctrl+Alt+Del, but it would not open; in short, I had to force a restart, and I got the blue screen with the error that I photographed and am posting here.

PS. I tried to restart in safe mode, but it does not start and tells me that "Windows setup cannot run in safe mode", while in normal mode it always gives me the blue screen. I no longer know what to do; I hope the program has not deleted some important system file, because on the safe-mode screen it reported Windows XP PROFESSIONAL SP 2, whereas I have SP 3


Hi franco

You must have a damaged driver that crashed your system; for now let's try to restore the system, and then we will see what to do

Let's restore the system

How to start your PC using "Last Known Good Configuration"

  • Start your PC.
  • When the message "Please select the operating system to start" appears, press the F8 key.
  • When the Windows Advanced Options menu appears, use the arrow keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
  • If other operating systems are installed on the computer, use the arrow keys to select Microsoft Windows XP, then press ENTER.


Today I turned on the PC and, miracle, it started normally; the taskbar still had that effect, and in addition the network card had lost its static IP address, which I had to re-enter to get the internet working (otherwise nothing has changed on the system; it reports Windows XP PROFESSIONAL SP3).

So I decided to continue with the second scan you asked for in the second-to-last post, and on restart the PC slowed down again; only now has it unfrozen and is running fine, again after another restart.

By the way, in answer to the last post you sent me: yesterday I had already tried both safe mode and "last known good", and it had not solved anything.

I'm attaching the Services Repair log.

Regards, Francesco.

Log Opened: 2013-02-22 @ 17:51:23

17:51:23 - -----------------

17:51:23 - | Begin Logging |

17:51:23 - -----------------

17:51:23 - Fix started on a WIN_XP X86 computer

17:51:23 - Prep in progress. Please Wait.

17:51:28 - Prep complete

17:51:28 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Setup> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Epoch> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv> failed with: Accesso negato.

SetACL finished successfully.

17:51:35 - Services Repair Complete.

17:51:44 - Reboot Initiated


Hi franco,

Run Service Repair again as Administrator: right-click and choose "Run as administrator".

Let me know whether you have the installation disc; I think we'll have to do a repair from the disc.

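A way to triage the log discussed in the two posts above, added here as an example (it is not part of the original thread or of the Services Repair tool): it splits the log into runs and counts, per service, how many security-descriptor writes were attempted and how many failed, so a run that prints "Services Repair Complete." without applying anything stands out. The sample is constructed and abridged from the log format shown above; the second run, its timestamp and the assumption that a privileged run simply lacks the WARNING and ERROR lines are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: run 1 is abridged from the posted log, run 2 is hypothetical.
SAMPLE_LOG = r"""Log Opened: 2013-02-22 @ 17:51:23

17:51:28 - Repairing Services Now. Please wait...

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.
WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Security> failed with: Accesso negato.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS> failed with: Accesso negato.
SetACL finished successfully.
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> failed with: Accesso negato.
SetACL finished successfully.
17:51:35 - Services Repair Complete.
Log Opened: 2013-02-24 @ 09:00:00
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
SetACL finished successfully.
09:00:09 - Services Repair Complete.
"""

RUN_RE = re.compile(r"^Log Opened: (.+)$")
PRIV_RE = re.compile(r"^WARNING: Privilege '([^']+)' could not be enabled")
RESTORE_RE = re.compile(r"^INFORMATION: Restoring SD of: <(.+)>$")
ERROR_RE = re.compile(r"^ERROR: Writing SD to <(.+)> failed with: (.+)$")


@dataclass
class Run:
    opened: str
    missing_privileges: set = field(default_factory=set)
    attempted: Counter = field(default_factory=Counter)  # SD writes tried, per service
    failed: Counter = field(default_factory=Counter)     # SD writes rejected, per service
    reasons: set = field(default_factory=set)            # OS error text, localized
    tool_claimed_success: bool = False

    def verdict(self) -> str:
        """Judge the run by its ERROR lines, not by the tool's closing message."""
        total, bad = sum(self.attempted.values()), sum(self.failed.values())
        if total == 0:
            return "NO_WORK"
        if bad == 0:
            return "APPLIED"
        return "NOT_APPLIED" if bad >= total else "PARTIAL"


def service_of(key_path: str) -> str:
    """Return the service name that follows '...\\Services\\' in a registry path."""
    parts = key_path.split("\\")
    for i, part in enumerate(parts[:-1]):
        if part.lower() == "services":
            return parts[i + 1]
    return key_path


def parse_runs(text: str) -> list:
    """Split a Services Repair log into runs; blank lines between entries are ignored."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(Run(opened=m.group(1)))
            continue
        if not runs:  # log fragment pasted without its header line
            runs.append(Run(opened="(no header)"))
        run = runs[-1]
        if (m := PRIV_RE.match(line)):
            run.missing_privileges.add(m.group(1))
        elif (m := RESTORE_RE.match(line)):
            run.attempted[service_of(m.group(1))] += 1
        elif (m := ERROR_RE.match(line)):
            run.failed[service_of(m.group(1))] += 1
            run.reasons.add(m.group(2))
        elif line.endswith("Services Repair Complete."):
            run.tool_claimed_success = True
    return runs


if __name__ == "__main__":
    for run in parse_runs(SAMPLE_LOG):
        print(run.opened, run.verdict(), "failed:", dict(run.failed),
              "missing privileges:", sorted(run.missing_privileges))
```

A run whose verdict is NOT_APPLIED while `tool_claimed_success` is true is the case in the posted log: the two backup/restore privileges could not be enabled, so every write was refused.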

I'm attaching the Service Repair log, but it won't let me in as administrator; I'm registered as the only user.

As for the installation CD, I don't have the one for this version of XP, only the one from the first XP installation, before formatting and changing components (I recently replaced the processor + motherboard + hard disk, so this is a new XP installation, probably different from the previous one, even though the technician who made the changes is the same). If the first disc is fine (still XP Professional), I'm also willing to format if necessary. Let me know. Regards, Franco Camoli.

P.S. This morning the PC is working fine.

Log Opened: 2013-02-22 @ 18:07:04

18:07:04 - -----------------

18:07:04 - | Begin Logging |

18:07:04 - -----------------

18:07:04 - Fix started on a WIN_XP X86 computer

18:07:04 - Prep in progress. Please Wait.

18:07:09 - Prep complete

18:07:09 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Setup> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Epoch> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv> failed with: Accesso negato.

SetACL finished successfully.

18:07:12 - Services Repair Complete.

18:07:18 - Reboot Initiated

Log Opened: 2013-02-23 @ 10:29:27

10:29:27 - -----------------

10:29:27 - | Begin Logging |

10:29:27 - -----------------

10:29:27 - Fix started on a WIN_XP X86 computer

10:29:27 - Prep in progress. Please Wait.

10:29:32 - Prep complete

10:29:32 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BITS> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Setup> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess\Epoch> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\SharedAccess> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wscsvc> failed with: Accesso negato.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. Better run SetACL with admin rights.

INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Enum> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Security> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv\Parameters> failed with: Accesso negato.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\wuauserv> failed with: Accesso negato.

SetACL finished successfully.

10:29:36 - Services Repair Complete.

10:30:54 - Reboot Initiated


Hi franco

It doesn't matter if you changed some hardware; the operating system is what counts.

For now we shouldn't format, unless we can't manage to repair it with the disc.

But if the PC is running fine at the moment, then let's leave everything as it is.

Do this: use the PC until tomorrow, then tell me whether you ran into any problems.

PS: don't try to uninstall any of the tools we used.

This discussion is closed.