Old 25-01-2011, 18:43   #1
sereno25
Junior Member
 
Joined: Feb 2006
Posts: 28
Avira detects TR/ATRAPS.GEN2

Hi everyone.
A few days ago, Avira started detecting the trojan TR/ATRAPS.Gen2
in the file 'C:\Windows\PatchFul.exe'.

I always chose to deny access, and the computer showed no particular problems.
However, to be safe I ran the scans you recommend in the guide, and I would post the related logs here.
I would be grateful if you could take a look at them.

Note that after the scan with Emsisoft Anti-Malware and before the one with F-Secure, I ran a scan with Avira, which reported numerous infected files; these were moved to quarantine.
The only one I had to move to quarantine manually, in safe mode, was patchful.exe itself.

Since then Avira has not reported anything, and the scans with the other programs were all negative. The computer shows no problems.
What I would like to understand is:
Must I / can I keep patchful.exe in quarantine forever?
What would this file's function normally be?

Thanks a lot for the help.

(a post with the logs follows)

Last edited by sereno25: 25-01-2011 at 19:18.
Old 25-01-2011, 19:17   #2
sereno25
Junior Member
 
Joined: Feb 2006
Posts: 28
Here are the logs; unfortunately I was not able to run them in quick succession, but over the course of two or three days.

malwarebytes:
attached

emisoft:
a2scan_110120-235241.txt

avira:
AVSCAN-20110121-191137-8EC889DF.LOG

f-secure:
23gennaio11.txt

Cureit:
cureit filtrato.txt

sysinspector:
SysInspector-ALBERTO-PC-110124-0534.xml

hijackfree:
HiJackFree.log

gmer:
It did not save the log for me; in any case it was negative. It reported nothing.

prevx3.0:
prevx20110124.log
Attachments
File Type: txt mbam-log-2011-01-21 (18-52-00).txt (1.2 KB, 1 view)
Old 26-01-2011, 12:36   #3
xcdegasp
Moderator
 
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27465
You skipped the cleanup with ATF-Cleaner, which is absolutely necessary to clear the browser cache and history, locations that malware uses to nest itself and regenerate on subsequent Windows restarts.
So you are kindly asked to do it as soon as possible.

Then produce a new log with Malwarebytes.

Avira is out of date; update to the new version and enable scanning for potentially dangerous applications and file system integrity.

The Emsisoft Anti-Malware log is missing.
Old 26-01-2011, 20:35   #4
sereno25
Junior Member
 
Joined: Feb 2006
Posts: 28
Thanks,
I ran ATF-Cleaner (I hadn't done it before because I thought it was incompatible with Windows 7),

re-ran the scan with Malwarebytes:
mbam-log-2011-01-26 (18-21-56).txt

updated Avira to version 10:
AVSCAN-20110126-193132-C241CA8B.LOG

The Emsisoft log is in the post above, mistakenly labelled "emisoft".
(By the way, Emsisoft quarantined a file from the Prevx folder...)

I also submitted the file patchful.exe to VirusTotal, and it is flagged only by Avira.

It is probably a false alarm, but I would be grateful if you could dispel my last doubts.
Thanks again, bye
Old 26-01-2011, 22:34   #5
xcdegasp
Moderator
 
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27465
You did not update Malwarebytes, which is still on the old definitions; please redo the full scan.

Can you also make a new Emsisoft log?

As for the false-positive question: if you can post the link to view the VirusTotal results, I would be grateful.
Old 27-01-2011, 19:06   #6
sereno25
Junior Member
 
Joined: Feb 2006
Posts: 28
I updated the Malwarebytes database
Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 5617

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/01/2011 15:32:30
mbam-log-2011-01-27 (15-32-30).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 260670
Tempo trascorso: 36 minuti, 32 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
and re-ran Emsisoft:
Quote:
Emsisoft Anti-Malware - Versione 5.1
Ultimo aggiornamento: 27/01/2011 16:59:08

Impostazioni scansione:

Tipo scansione: Completa
Oggetti: Memoria, Tracce, Cookies, C:\, E:\
Archivio scansioni: On
Euristica: Off
Scansione ADS: On

Scansione avviata: 27/01/2011 17:00:07

C:\Users\Alberto\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-458c86c2/vload.class rilevati: JAVA.ClassLoad!IK
C:\Users\Alberto\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-458c86c2/vmain.class rilevati: JAVA.Remote!IK

Scansionati

File: 322397
Tracce: 586552
Cookies: 0
Processi: 59

Rilevato

File: 2
Tracce: 0
Cookies: 0
Processi: 0
Chiavi di Registro: 0

Fine scansione: 27/01/2011 18:39:35
Tempo scansione: 1:39:28

C:\Users\Alberto\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-458c86c2/vmain.class In quarantena JAVA.Remote!IK
C:\Users\Alberto\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-458c86c2/vload.class In quarantena JAVA.ClassLoad!IK

In quarantena

File: 2
Tracce: 0
Cookies: 0
Regarding VirusTotal, I took patchful.exe out of quarantine and submitted it, but this time not even Avira flagged it as infected.
http://www.virustotal.com/file-scan/...8f-1296151306#
Old 27-01-2011, 20:00   #7
xcdegasp
Moderator
 
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27465
Can you now make me a new log with HiJackFree and one with HijackThis?
Old 28-01-2011, 08:54   #8
sereno25
Junior Member
 
Joined: Feb 2006
Posts: 28
Here are the two logs:

hijackthis.log

HiJackFree110128.log

Thanks again
Old 28-01-2011, 10:30   #9
xcdegasp
Moderator
 
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27465
Run HijackThis again, choosing the "Scan Only" option; when it finishes, the button at the bottom left will be labelled "Fix Checked", so select the lines to fix and press that button.
Fix:
Code:
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
Then go to the following link, http://secunia.com/vulnerability_scanning/online/ , press "start scanner", in the new window tick the "Enable thorough system inspection" box and then press "start"; after a few minutes it will show you the list of software to update.

The Skype toolbar has been a source of problems in recent versions, so I had you disable it; in any case it is not essential for Skype to work properly.


Then restart and tell me whether you still have problems with the PC.
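An added example, not part of the original post and not code from HijackThis: a small Python parser for the three entry types in the list above (F2, O2, O4) that extracts their fields and flags two things worth a reviewer's attention, a BHO whose DLL is missing and a UserInit value that chains extra programs. The sample lines are the five from the post; all function and class names are this example's own.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Meaning of the HijackThis section codes used in the post above.
SECTIONS = {
    "F2": "autoload value from a registry-mapped .ini file",
    "O2": "Browser Helper Object (BHO) loaded by Internet Explorer",
    "O4": "program started automatically at boot or logon",
}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_RE = re.compile(r"^REG:(?P<ini>[^:]+): (?P<setting>[^=]+)=(?P<value>.*)$")
O2_RE = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
O4_RE = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


@dataclass
class Entry:
    code: str
    kind: str
    fields: dict = field(default_factory=dict)
    notes: list = field(default_factory=list)


def parse_line(line):
    """Parse one HijackThis log line; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = Entry(code, SECTIONS.get(code, "section not covered by this example"))
    if code == "F2" and (f2 := F2_RE.match(body)):
        entry.fields = f2.groupdict()
        if entry.fields["setting"].lower() == "userinit":
            # UserInit is a comma-separated list of programs run at logon.
            programs = [p.strip() for p in entry.fields["value"].split(",") if p.strip()]
            extras = [p for p in programs if ntpath.basename(p).lower() != "userinit.exe"]
            if extras:
                entry.notes.append("UserInit chains extra programs: " + ", ".join(extras))
    elif code == "O2" and (o2 := O2_RE.match(body)):
        entry.fields = o2.groupdict()
        if entry.fields["file"] == "(no file)":
            entry.notes.append("orphaned BHO: CLSID is registered but its DLL is missing")
    elif code == "O4" and (o4 := O4_RE.match(body)):
        entry.fields = o4.groupdict()
        entry.fields["cmd"] = entry.fields["cmd"].strip('"')
    return entry


def parse_log(text):
    """Return the parsed entries of a HijackThis log, skipping all other lines."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


# The five entries listed in the post above.
SAMPLE = r"""
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e.code, "|", e.kind, "|", e.fields, "|", "; ".join(e.notes) or "-")
```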
Old 28-01-2011, 14:49   #10
sereno25
Junior Member
 
Joined: Feb 2006
Posts: 28
I followed the instructions.
No problems for now.
Thanks a lot for the help!
Old 23-07-2012, 10:43   #11
kurtdc
Senior Member
 
Joined: Jun 2007
Posts: 579
I'm reviving this thread
My father's PC has also been infected by this virus.

I disabled Avira and ran a scan with ComboFix; here is the log!

If there is anything else I need to do, just tell me, and I'll do it tonight from my father's PC!

Thanks a lot
Attachments
File Type: txt ComboFix.txt (19.2 KB, 5 views)
Old 23-07-2012, 22:48   #12
Chill-Out
Moderator
 
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Quote:
Originally posted by kurtdc
I'm reviving this thread
My father's PC has also been infected by this virus.

I disabled Avira and ran a scan with ComboFix; here is the log!

If there is anything else I need to do, just tell me, and I'll do it tonight from my father's PC!

Thanks a lot

Download OTL to the [Desktop]: http://oldtimer.geekstogo.com/OTL.exe
  1. double-click the icon to start it
  2. tick Scan All Users
  3. click Quick Scan
  4. when the scan finishes, attach the two logs OTL.Txt and Extras.Txt
__________________
Try again and you will be luckier.
Old 23-07-2012, 23:28   #13
kurtdc
Senior Member
 
Joined: Jun 2007
Posts: 579
OK, I'll attach them as soon as I finish.
In the meantime I had started following the procedure in your tutorial and ran ATF-Cleaner, Malwarebytes (whose log I can't find :/) and Emsisoft Anti-Malware, whose log I attach.

Code:
Emsisoft Anti-Malware - Versione 6.6
Ultimo aggiornamento: 23/07/2012 22.02.23

Impostazioni scansione:

Tipo scansione: Completa
Oggetti: Rootkits, Memoria, Tracce, C:\, D:\, F:\
Archivio scansioni: On
Scansione ADS: On

Scansione avviata:	23/07/2012 22.03.19

Scansionati	520225
Rilevato	74

Fine scansione:	23/07/2012 22.50.38
Tempo scansione:	0:47:19

In quarantena	74
Old 23-07-2012, 23:31   #14
kurtdc
Senior Member
 
Joined: Jun 2007
Posts: 579
OTL.txt

Code:
OTL logfile created on: 23/07/2012 23.18.14 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Lanfranco\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 50,92% Memory free
11,92 Gb Paging File | 9,42 Gb Available in Paging File | 79,05% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,84 Gb Total Space | 87,28 Gb Free Space | 30,75% Space Free | Partition Type: NTFS
Drive D: | 14,25 Gb Total Space | 1,97 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 69,77 Gb Free Space | 62,42% Space Free | Partition Type: NTFS
 
Computer Name: PC-LANFRANCO | User Name: Lanfranco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012/07/23 23.17.50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lanfranco\Desktop\OTL.exe
PRC - [2012/07/23 22.01.59 | 003,075,920 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/07/12 12.23.52 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/05 18.41.46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/20 13.18.08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/05/26 06.32.24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Lanfranco\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/17 21.08.14 | 000,525,680 | ---- | M] (NDS Technologies) -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe
PRC - [2012/04/17 21.08.12 | 006,467,944 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe
PRC - [2012/02/23 13.30.40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/03 15.26.35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/02/03 15.26.26 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/02/03 15.26.24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/02/03 15.26.24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/02/03 15.26.23 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010/10/27 20.17.52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11.27.44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11.19.26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/07 09.13.10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/28 01.23.46 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009/02/28 01.23.42 | 002,732,032 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2009/01/26 15.31.10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/12 18.01.46 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2007/12/27 16.39.30 | 000,166,520 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2007/12/27 16.39.20 | 000,051,816 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
PRC - [2007/04/18 17.01.34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/20 12.14.00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe
PRC - [2006/12/19 19.23.20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/17 21.09.26 | 000,091,464 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\z.dll
MOD - [2012/04/17 21.09.22 | 000,274,272 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\ndsLogStore.dll
MOD - [2012/04/17 21.09.18 | 001,402,712 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\libxml2-2.dll
MOD - [2012/04/17 21.09.02 | 000,688,488 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\libgstreamer-0.10.dll
MOD - [2012/04/17 21.08.22 | 007,070,048 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\gsttspplugin.dll
MOD - [2012/04/17 21.08.12 | 006,467,944 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe
MOD - [2012/04/17 21.08.06 | 002,033,504 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\DrmSingleton.dll
MOD - [2011/06/24 22.56.36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22.56.14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 08.28.21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/03/12 15.45.32 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2008/11/21 13.58.42 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2007/04/19 09.33.00 | 000,035,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/12/16 16.44.44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012/07/23 22.01.59 | 003,075,920 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/07/12 12.23.56 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/05 18.41.46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 09.06.04 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/06/05 15.17.44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/22 13.51.04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/02/03 15.26.35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/02/03 15.26.26 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/02/03 15.26.24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/15 01.25.24 | 000,017,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GWSoftware\GWSINC2\GWSINCs.exe -- (GWSINC)
SRV - [2010/12/10 18.36.54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010/03/18 14.16.28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11.19.26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/30 06.42.14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/28 01.23.46 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009/02/28 01.23.42 | 002,732,032 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2008/12/22 22.33.36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/20 19.54.25 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/02/03 12.00.00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007/12/27 16.39.30 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2007/12/27 16.39.20 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2007/12/17 15.00.00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 15.02.00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/20 12.14.00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)
SRV - [2006/12/19 19.23.20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/04/22 13.51.38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/02/29 15.52.46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12.01.50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/03 15.26.50 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/02/03 15.26.50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/02/03 15.26.49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/01/12 09.28.48 | 000,057,976 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2012/01/09 17.28.20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/01/09 17.28.20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/01/09 17.28.20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/01/09 17.28.18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2009/10/01 02.51.42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/21 08.07.26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/08/20 07.02.06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009/05/18 13.17.08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01.14.20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 08.16.39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/04/11 07.39.37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009/03/13 10.55.38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/03/06 19.10.10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/02/27 08.20.52 | 000,743,552 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/02/27 08.20.46 | 000,663,040 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/12/18 11.14.18 | 000,076,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\eusk3usb-amd64.sys -- (eusk3usb)
DRV:64bit: - [2008/10/21 12.59.54 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dr71WU.sys -- (RT73)
DRV:64bit: - [2008/10/13 14.25.16 | 000,023,424 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AsusVRC64.sys -- (ASUSVRC64)
DRV:64bit: - [2008/01/21 04.49.47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/21 04.46.57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/06/24 22.56.56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007/06/24 22.56.42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2007/06/24 22.56.36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2007/03/05 21.47.08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btnetdrv.sys -- (BT)
DRV:64bit: - [2007/03/05 21.42.54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV:64bit: - [2007/03/05 21.41.34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vbtenum.sys -- (BTHidEnum)
DRV:64bit: - [2007/03/05 21.39.28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007/03/05 21.38.20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VComm.sys -- (VComm)
DRV:64bit: - [2007/01/31 18.01.00 | 000,320,512 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV - [2012/04/30 18.45.28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 14.10.34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2007/06/24 22.56.56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/24 22.56.42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/24 22.56.36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/05 21.47.08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 21.42.54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 21.41.34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007/03/05 21.39.28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 21.38.20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [1997/05/30 00.00.00 | 000,021,824 | ---- | M] (Micropi Elettronica - Italia) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\CPWNT.SYS -- (cpwnt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=84&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4DEA7E06-C11A-457C-81B1-D4F9610952FC}
IE:64bit: - HKLM\..\SearchScopes\{4DEA7E06-C11A-457C-81B1-D4F9610952FC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
IE:64bit: - HKLM\..\SearchScopes\{536F10F2-25F0-4526-A1FD-C087730B8A02}: "URL" = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=84&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {4DEA7E06-C11A-457C-81B1-D4F9610952FC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4DEA7E06-C11A-457C-81B1-D4F9610952FC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
IE - HKLM\..\SearchScopes\{536F10F2-25F0-4526-A1FD-C087730B8A02}: "URL" = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Lanfranco\Desktop
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=050412_30b&babsrc=SP_ss&mntrId=f2f84dfc000000000000001583311b14
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{42C47554-4932-4386-B538-E9554AF3CC4C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADRA_it
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{4DEA7E06-C11A-457C-81B1-D4F9610952FC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{536F10F2-25F0-4526-A1FD-C087730B8A02}: "URL" = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.7.0.20
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\npPCShowPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lanfranco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (NDS)
 
 
[2010/02/14 18.13.54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lanfranco\AppData\Roaming\mozilla\Extensions
[2010/02/14 18.13.54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lanfranco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Iminent (Enabled) = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\npIminent.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Lanfranco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: PCShow Player Plugin (Enabled) = C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Iminent = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Gmail = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/07/22 22.00.23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000..\Run: [Akamai NetSession Interface] C:\Users\Lanfranco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000..\Run: [PCShowServer] C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe (NDS Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Download with iphone-transfer-platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Download with iphone-transfer-platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} http://192.168.1.130/DVROcxEx.cab (Controllo DVR remoto)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://demo.hrcctv.com:6803/WebClient.exe (WebClient Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37F72512-9BBB-4C53-8091-0708A104008E}: DhcpNameServer = 62.101.93.101 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67F61A35-7EA5-44E5-8A03-842BCF4D477C}: DhcpNameServer = 62.101.93.101 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/10 02.37.40 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/23 23.17.21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lanfranco\Desktop\OTL.exe
[2012/07/23 23.04.59 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\Avira
[2012/07/23 22.59.35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/07/23 22.59.15 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Local\AskToolbar
[2012/07/23 22.59.09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/07/23 22.59.04 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Local\APN
[2012/07/23 22.58.51 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/07/23 22.58.51 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/07/23 22.58.51 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/07/23 22.58.49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/07/23 22.58.49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/07/23 22.04.33 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\f-secure
[2012/07/23 22.04.22 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/07/23 21.54.27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/07/23 21.54.07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/07/23 21.54.07 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\Documents\Anti-Malware
[2012/07/23 21.44.38 | 139,009,208 | ---- | C] (Emsisoft GmbH                                               ) -- C:\Users\Lanfranco\Desktop\EmsisoftAntiMalwareSetup.exe
[2012/07/23 19.50.37 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2012/07/22 22.00.28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/22 21.44.06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 21.44.06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 21.44.06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 20.24.50 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Lanfranco\Desktop\ComboFix.exe
[2012/07/22 20.14.28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 20.14.17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/22 20.01.33 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/19 19.46.10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/19 19.46.07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/19 19.46.07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/19 08.50.57 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/07/18 11.11.10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/18 11.10.29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/07/18 10.52.58 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\SpeedyPC Software
[2012/07/18 10.52.58 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\DriverCure
[2012/07/18 10.52.49 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/17 17.34.52 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/07/11 14.14.08 | 000,016,948 | ---- | C] (Micropi Elettronica - Italia) -- C:\Windows\SysNative\cpwin32.dll
[2012/07/11 14.10.51 | 000,021,824 | ---- | C] (Micropi Elettronica - Italia) -- C:\Windows\SysWow64\drivers\CPWNT.SYS
[2012/07/11 14.10.51 | 000,016,948 | ---- | C] (Micropi Elettronica - Italia) -- C:\Windows\SysWow64\CPWIN32.DLL
[2012/07/11 11.11.12 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\Desktop\Prog_lanf
[2012/07/11 09.45.00 | 000,000,000 | ---D | C] -- C:\Dispense
[2012/07/10 12.02.05 | 000,000,000 | ---D | C] -- C:\FastWeb
[2012/07/10 10.45.32 | 000,000,000 | ---D | C] -- C:\Norme CEI orig
[2012/07/06 12.24.32 | 000,356,352 | ---- | C] (TDP5) -- C:\Windows\SysWow64\th264codec.dll
[2012/07/06 12.24.32 | 000,282,624 | ---- | C] (tvt) -- C:\Windows\SysWow64\tvtxtdec.dll
[2012/07/06 12.24.32 | 000,239,888 | ---- | C] (Microcrap Corporation) -- C:\Windows\SysWow64\mpg4ds32.ax
[2012/07/06 12.24.32 | 000,090,112 | ---- | C] (tvt) -- C:\Windows\SysWow64\tvtacodec.dll
[2012/07/06 12.24.32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter
[2012/07/06 12.24.31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ControlCenter
[2012/07/06 09.10.14 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced LAN Scanner
[2012/07/06 09.10.14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced LAN Scanner
[2012/07/06 09.10.14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced LAN Scanner
[2012/07/01 18.27.18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webclient
[2012/07/01 18.06.08 | 000,000,000 | ---D | C] -- C:\DVR TVCC
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/23 23.17.50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lanfranco\Desktop\OTL.exe
[2012/07/23 23.14.00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/23 23.00.02 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/23 22.59.35 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/07/23 22.58.05 | 087,765,048 | ---- | M] () -- C:\Users\Lanfranco\Desktop\avira_free_antivirus_it.exe
[2012/07/23 21.54.27 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/07/23 21.53.57 | 139,009,208 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Users\Lanfranco\Desktop\EmsisoftAntiMalwareSetup.exe
[2012/07/23 21.39.25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 21.39.25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 21.39.24 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/23 21.39.19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/23 19.59.58 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 19.49.00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012/07/22 22.00.23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/22 20.13.44 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Lanfranco\Desktop\ComboFix.exe
[2012/07/20 07.51.17 | 000,001,736 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/07/19 19.46.11 | 000,001,099 | ---- | M] () -- C:\Users\Lanfranco\Desktop\Spybot - Search & Destroy.lnk
[2012/07/18 10.40.57 | 000,487,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/17 19.19.36 | 000,000,732 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\d3d9caps64.dat
[2012/07/17 17.44.18 | 000,253,280 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\census.cache
[2012/07/17 17.44.04 | 000,212,204 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\ars.cache
[2012/07/17 17.33.28 | 000,000,036 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\housecall.guid.cache
[2012/07/11 13.34.52 | 000,072,704 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/10 10.56.18 | 000,796,602 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/07/10 10.56.18 | 000,711,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/10 10.56.18 | 000,177,552 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/07/10 10.56.18 | 000,150,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/10 10.56.17 | 001,834,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/06 12.24.35 | 000,000,689 | ---- | M] () -- C:\Users\Public\Desktop\CMS.lnk
[2012/07/03 13.46.44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/23 22.59.35 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/07/23 22.53.29 | 087,765,048 | ---- | C] () -- C:\Users\Lanfranco\Desktop\avira_free_antivirus_it.exe
[2012/07/23 21.54.27 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/07/22 21.44.06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 21.44.06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 21.44.06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/22 21.44.06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 21.44.06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/20 07.49.57 | 000,001,736 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/07/19 19.46.11 | 000,001,099 | ---- | C] () -- C:\Users\Lanfranco\Desktop\Spybot - Search & Destroy.lnk
[2012/07/17 19.19.36 | 000,000,732 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\d3d9caps64.dat
[2012/07/17 17.44.18 | 000,253,280 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\census.cache
[2012/07/17 17.44.04 | 000,212,204 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\ars.cache
[2012/07/17 17.33.28 | 000,000,036 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\housecall.guid.cache
[2012/07/06 12.24.32 | 000,003,001 | ---- | C] () -- C:\Windows\SysWow64\th264codec.inf
[2012/07/06 12.24.32 | 000,002,740 | ---- | C] () -- C:\Windows\SysWow64\xvid.inf
[2012/07/06 12.24.32 | 000,002,693 | ---- | C] () -- C:\Windows\SysWow64\mpg4vki.inf
[2012/07/06 12.24.32 | 000,002,635 | ---- | C] () -- C:\Windows\SysWow64\tvtacodec.inf
[2012/07/06 12.24.32 | 000,002,442 | ---- | C] () -- C:\Windows\SysWow64\tvtxt.inf
[2012/07/06 12.24.31 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\amd422codec.dll
[2012/07/06 12.24.31 | 000,000,689 | ---- | C] () -- C:\Users\Public\Desktop\CMS.lnk
[2012/01/15 19.23.56 | 000,002,048 | -HS- | C] () -- C:\Users\Lanfranco\AppData\Local\{f317ba24-2b9b-bfdd-2e40-b3c57242fcd6}\@
[2011/12/04 20.17.43 | 000,003,072 | ---- | C] () -- C:\Users\Lanfranco\AppData\Roaming\CatSpy.db
[2011/05/09 19.57.37 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/05/09 19.57.36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\Unrar.dll
[2011/04/26 17.58.49 | 000,000,680 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\d3d9caps.dat
[2010/01/24 15.28.22 | 000,000,253 | ---- | C] () -- C:\Users\Lanfranco\AppData\Roaming\ANICONFIG_{788B98D4-554E-40A0-8630-E6479E4F64B1}.ini
[2009/07/30 06.59.55 | 000,373,136 | ---- | C] () -- C:\Users\Lanfranco\definitivi cecere.bak
[2009/04/26 19.45.33 | 000,026,311 | ---- | C] () -- C:\Users\Lanfranco\AppData\Roaming\UserTile.png
[2009/03/15 18.55.45 | 000,000,000 | ---- | C] () -- C:\Users\Lanfranco\AppData\Roaming\wklnhst.dat
[2008/12/27 17.11.45 | 000,072,704 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/24 17.06.32 | 000,000,097 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\fusioncache.dat
 
========== LOP Check ==========
 
[2011/12/24 21.08.06 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Any Video Converter
[2008/12/20 20.25.46 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Autodesk
[2010/06/02 15.08.20 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\avidemux
[2012/07/18 10.52.58 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\DriverCure
[2012/04/25 19.06.28 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Epson
[2012/07/23 22.04.33 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\f-secure
[2011/12/24 21.51.54 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\FTWeak
[2011/12/24 20.35.17 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\GlarySoft
[2012/04/07 19.51.39 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Iminent
[2011/06/24 22.24.49 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\ImTOO
[2010/06/02 15.25.24 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\MotionDSP
[2010/01/06 21.09.34 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Nokia
[2010/01/06 21.09.06 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Nokia Ovi Suite
[2009/11/08 18.24.38 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Nseries
[2010/05/04 20.54.37 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\PC Suite
[2011/11/01 20.10.04 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\pdfforge
[2012/03/08 19.01.33 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\ProgettoGWDXF
[2012/07/18 10.52.58 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\SpeedyPC Software
[2009/03/15 18.55.47 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Template
[2010/02/14 18.13.54 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\TomTom
[2011/11/19 21.04.13 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Uniblue
[2010/09/14 19.25.26 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\VSRevoGroup
[2008/12/27 22.43.55 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\WinBatch
[2010/10/03 13.47.31 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Winsome Technologies
[2012/07/23 19.49.00 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012/04/10 19.04.23 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/07/23 21.38.04 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/05/20 17.28.12 | 000,000,000 | ---D | M](C:\??) -- C:\ྱ嬷
[2012/05/20 17.28.12 | 000,000,000 | ---D | C](C:\??) -- C:\ྱ嬷
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 1360 bytes -> C:\Users\Lanfranco\AppData\Roaming\CatSpy.db:mystream

< End of report >
Extras.txt

Code:
OTL Extras logfile created on: 23/07/2012 23.18.14 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Lanfranco\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 50,92% Memory free
11,92 Gb Paging File | 9,42 Gb Available in Paging File | 79,05% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,84 Gb Total Space | 87,28 Gb Free Space | 30,75% Space Free | Partition Type: NTFS
Drive D: | 14,25 Gb Total Space | 1,97 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 69,77 Gb Free Space | 62,42% Space Free | Partition Type: NTFS
 
Computer Name: PC-LANFRANCO | User Name: Lanfranco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
.wsf [@ = WSFFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 67 3D C5 9F 8E 60 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON PX810FW Series" = EPSON PX810FW Series Printer Uninstall
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacchetto driver Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"NVIDIA Drivers" = NVIDIA Drivers
"Vista Codec x64 Components_is1" = Vista Codec x64 Components
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00286B0F-07D2-4970-8B2E-53BA20FC2E12}" = GWDXF
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FF63C7-6D9E-49F4-9018-BD269A1492C9}" = ASUS Popup TV
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{108CEDEA-0633-4D91-B7A0-CCE8E519A49C}" = Tuttonormel - VIP
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1D37596A-408C-4C55-8FE2-85011195801E}" = TiMH200
"{1DBDE93C-F3C7-413B-B5DF-48B786DB34EC}" = TiDisplayColorIP
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (GWSUITEAAD)
"{2CBEBD86-65F0-454B-B50B-90841D3E16AA}" = PriMus-K
"{2E62D235-2489-404F-ADC4-D1AEB65F8C6C}" = GW64-8
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FCBB015-7570-4C22-8BB5-415C79DF1FA5}" = PriMus
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{3BFED551-630D-4C5E-A90F-A6B7E9CF3CA0}" = PriMus-DCF v.UNICO
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B95A7D0-AF67-4916-9433-C18B9969E9D4}" = PS-Utility
"{4BD8E034-E0F4-4509-A753-467A8E854CD8}" = Iminent
"{52FF2065-56A2-43B4-B9E8-4A623174CA46}" = GWPRICE
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{53FFE38E-F9B3-446D-B4BD-6F310AD689A5}_is1" = GWPBT-Q
"{547C9628-C490-48AB-94F4-7F2495562930}" = PDF to DWG Converter
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55D8440D-6577-46DC-9571-8E5E3046AC11}" = ASUS US2-400 Utilities
"{5783F2D7-5001-0410-0002-0060B0CE6BBA}" = AutoCAD 2007 - Italiano
"{5CDCB19B-1C44-46EE-82D6-3FA85A531DE8}" = ArcSoft TotalMedia 3.5
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67C33B30-493A-4EB3-9F0B-0C569FC4B92E}" = GW3708
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6B20EE79-2049-49BC-BC46-17A040EE3C2E}" = PS-Wizard
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_ENTERPRISE_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian)
"{98018842-DAF7-4722-BD01-936715DE2052}" = GWSINC
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A366D473-A2F0-47F0-9B8F-493D41F1E867}" = GWCAP
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A724A1A4-1521-4E7F-A7C6-6D6FF9590CA3}" = Prysmian JDC 3.1.2
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-A95000000001}" = Adobe Reader 9.5.1 - Italiano
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA40B9FF-8FC0-4B50-83C5-A4A9A8078126}" = GWCAD
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C2229A1A-AC81-42E4-B514-98A71BB436F0}" = ASUS GadgeTV
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DED1CBFB-42C2-47C8-AEE0-9324DEA51B69}" = GWSTART
"{E1839F1F-7E5A-47A0-94D3-8272DD636B9E}_is1" = TestiMP3
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E5EDA1E6-5FDD-4B29-8399-6022B81C3A7C}" = ControlCenter
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{FEC1DF97-E716-4CD8-A55B-75C373912D35}" = Sky Go Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"7-Zip" = 7-Zip 4.62
"ABBSoftwareDesktop2" = ABB Software Desktop 2
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced LAN Scanner v1.0 BETA 1" = Advanced LAN Scanner v1.0 BETA 1
"Aide PDF to DXF Converter_is1" = Aide PDF to DXF Converter 9.5
"Akamai" = Akamai NetSession Interface Service
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"DOC2" = ABB DOC2
"eMule AdunanzA" = AdunanzA
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON PERFECTION V500 PHOTO User’s Guide" = EPSON PERFECTION V500 PHOTO Manual
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Guida utente" = Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manuale
"FairUse Wizard 2" = FairUse Wizard 2
"FBDBServer_2_1_is1" = Firebird 2.1.2.18118 (Win32)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Glary Utilities_is1" = Glary Utilities 2.44.0.1450
"Google Chrome" = Google Chrome
"GWCAD" = GWCAD
"IMBoosterARP" = Iminent
"ImTOO iPhone Transfer Platinum" = ImTOO iPhone Transfer Platinum
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MailNavigator v.1.11" = MailNavigator v.1.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Nokia Suite" = Nokia Suite
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.94
"SyncBack_is1" = SyncBack
"TiDisplayColorIP 4.0.44" = TiDisplayColorIP 4.0.44
"TiManager 2.0" = TiManager 2.0
"TiMH200" = TiMH200
"TitaniumFax" = TitaniumFax
"Tuttonormel - VIP" = Tuttonormel - VIP
"TVEpaDrv" = ASUS My Cinema US2-400 BDA Drivers
"VLC media player" = VLC media player 1.0.5
"WebClient" = WebClient
"WildTangent hp Master Uninstall" = My HP Games
"XPD" = XPD
"XviD_is1" = XviD MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22/07/2012 16.06.55 | Computer Name = PC-Lanfranco | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 22/07/2012 16.07.06 | Computer Name = PC-Lanfranco | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 22/07/2012 16.07.07 | Computer Name = PC-Lanfranco | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 22/07/2012 18.13.44 | Computer Name = PC-Lanfranco | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 22/07/2012 18.13.44 | Computer Name = PC-Lanfranco | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 22/07/2012 18.13.56 | Computer Name = PC-Lanfranco | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 22/07/2012 18.13.56 | Computer Name = PC-Lanfranco | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 23/07/2012 3.42.29 | Computer Name = PC-Lanfranco | Source = WinMgmt | ID = 10
Description = 
 
Error - 23/07/2012 10.00.47 | Computer Name = PC-Lanfranco | Source = WinMgmt | ID = 10
Description = 
 
Error - 23/07/2012 15.39.34 | Computer Name = PC-Lanfranco | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 08/02/2012 15.32.03 | Computer Name = PC-Lanfranco | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23/07/2012 15.39.25 | Computer Name = PC-Lanfranco | Source = Print | ID = 19
Description = Spooler di stampa: impossibile condividere la stampante EPSON PX810FW
 Series con nome di risorsa condivisa EPSON PX810FW Series. Errore: 2114. La stampante
 non potrà essere utilizzata da altri utenti della rete.
 
Error - 23/07/2012 15.39.34 | Computer Name = PC-Lanfranco | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23/07/2012 15.39.34 | Computer Name = PC-Lanfranco | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23/07/2012 15.39.34 | Computer Name = PC-Lanfranco | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23/07/2012 15.39.34 | Computer Name = PC-Lanfranco | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23/07/2012 15.40.25 | Computer Name = PC-Lanfranco | Source = DCOM | ID = 10016
Description = 
 
Error - 23/07/2012 15.40.33 | Computer Name = PC-Lanfranco | Source = DCOM | ID = 10016
Description = 
 
Error - 23/07/2012 15.41.28 | Computer Name = PC-Lanfranco | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 23/07/2012 15.41.28 | Computer Name = PC-Lanfranco | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23/07/2012 16.07.10 | Computer Name = PC-Lanfranco | Source = Application Popup | ID = 1060
Description = Caricamento del driver \??\C:\Users\LANFRA~1\AppData\Local\Temp\OnlineScanner\Anti-Vir
 bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore
 del software per richiedere una versione compatibile del driver.
 
 
< End of report >
Old 24-07-2012, 16:30   #15
Chill-Out
Moderator

Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Attach the logs in .txt format on one of the servers listed here http://www.hwupgrade.it/forum/showthread.php?t=1751598
__________________
Try again and you will be luckier.
Old 24-07-2012, 16:45   #16
kurtdc
Senior Member
 
Joined: Jun 2007
Posts: 579
Sorry, I hadn't seen that.
Here they are

emsisoft.txt

EXTRAS.txt

OTL.txt
Old 24-07-2012, 17:42   #17
Chill-Out
Moderator

Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Quote:
Originally posted by kurtdc
Sorry, I hadn't seen that.
Here they are

emsisoft.txt

EXTRAS.txt

OTL.txt
OK, can you confirm that Avira still detects the virus?

If the answer is yes, download SystemLook to your Desktop http://jpshortstuff.247fixes.com/SystemLook_x64.exe

double-click to launch it
in the main window, copy and paste:
:filefind
services.exe

click LOOK and attach the log
__________________
Try again and you will be luckier.

Last edited by Chill-Out: 24-07-2012 at 17:46.
Old 24-07-2012, 17:44   #18
kurtdc
Senior Member
 
Joined: Jun 2007
Posts: 579
No, I reinstalled it and it no longer detects it