25-01-2011, 17:43 | #1 |
Junior Member
Joined: Feb 2006
Posts: 28
|
Avira detects TR/ATRAPS.GEN2
Hi everyone.
A few days ago, Avira started detecting the trojan TR/ATRAPS.GEN2 inside the file 'C:\Windows\PatchFul.exe'. I always had it deny access, and the computer showed no particular problems. However, to be safe I ran the scans you recommend in the guide, and I would like to post the relevant logs here. I would be grateful if you could take a look at them.
Note that after the scan with Emsisoft Anti-Malware and before the one with F-Secure, I ran a scan with Avira, which reported numerous infected files that were moved to quarantine. The only one I had to move to quarantine manually, in safe mode, was PatchFul.exe itself. Since then Avira has not reported anything, and the scans with the other programs have all been negative. The computer reports no problems.
What I would like to understand is: must I/can I keep PatchFul.exe in quarantine forever? What would this file's function normally be?
Thanks a lot for the help. (A post with the logs follows.)
Last edited by sereno25: 25-01-2011 at 18:18.
25-01-2011, 18:17 | #2 |
Junior Member
Joined: Feb 2006
Posts: 28
|
Here are the logs; unfortunately I was not able to run them in quick succession, but over the course of two or three days.
malwarebytes: attachment
emisoft: a2scan_110120-235241.txt
avira: AVSCAN-20110121-191137-8EC889DF.LOG
f-secure: 23gennaio11.txt
Cureit: cureit filtrato.txt
sysinspector: SysInspector-ALBERTO-PC-110124-0534.xml
hijackfree: HiJackFree.log
gmer: it did not save the log for me; in any case it was negative. It reported nothing.
prevx3.0: prevx20110124.log
26-01-2011, 11:36 | #3 |
Moderator
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27465
|
You skipped the cleanup with ATF-Cleaner, which is absolutely necessary to clear the browser cache and history, locations that malware uses to nest in and regenerate on subsequent Windows restarts.
So you are kindly asked to do it as soon as possible. Then produce a new log with Malwarebytes.
Avira is obsolete; update to the new version and enable scanning for potentially dangerous applications and file system integrity.
The Emsisoft Anti-Malware log is missing.
__________________
"Seen up close, we are all strange..." ~|~ What Defines a Community? ~|~ Official eMule Thread ~|~ Online Armor in Italian ~|~ Section Rules ~|► Guide to PrivateFirewall
|
26-01-2011, 19:35 | #4 |
Junior Member
Joined: Feb 2006
Posts: 28
|
Thanks,
I ran ATF Cleaner (I had not done it before because I thought it was incompatible with Windows 7), re-ran the scan with Malwarebytes: mbam-log-2011-01-26 (18-21-56).txt, and updated Avira to version 10: AVSCAN-20110126-193132-C241CA8B.LOG
The Emsisoft log is in the post above, mistakenly labelled "emisoft". (By the way, Emsisoft quarantined a file from the Prevx folder...)
I also submitted the file patchful.exe to VirusTotal and it is flagged only by Avira. It is probably a false alarm, but I would be grateful if you could dispel the last doubts.
Thanks again, bye
26-01-2011, 21:34 | #5 |
Moderator
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27465
|
You did not update Malwarebytes, which is still on the old definitions; please redo the full scan.
Can you also make a new Emsisoft log? As for the question about the false positive: if you can post the address for viewing the VirusTotal results, I would be grateful.
|
27-01-2011, 18:06 | #6 | ||
Junior Member
Joined: Feb 2006
Posts: 28
|
I updated the Malwarebytes database.
Quote:
Quote:
http://www.virustotal.com/file-scan/...8f-1296151306# |
||
27-01-2011, 19:00 | #7 |
Moderator
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27465
|
Can you now make me a new log with HiJackFree and one with HijackThis?
|
28-01-2011, 07:54 | #8 |
Junior Member
Joined: Feb 2006
Posts: 28
|
|
28-01-2011, 09:30 | #9 |
Moderator
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27465
|
Run HijackThis again, choosing the "Scan Only" option; when it finishes, the button at the bottom left will be called "Fix Checked", so select the lines to fix and press that button.
Fix:
Code:
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

The Skype toolbar has been a source of problems in recent versions, so I had you disable it; in any case it is not essential for Skype to work properly.
Then reboot and tell me if you still have problems with the PC.
|
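As an added illustration (not part of the original posts and not HijackThis's own code), the following Python code parses the five entries of the fix list in post #9 into fields and labels what each entry registers, so the list can be reviewed line by line before anything is fixed. The function names and the review labels are hypothetical; the section meanings (F2, O2, O4) are the standard HijackThis ones.

```python
import ntpath
import re

# Entries copied verbatim from the fix list in post #9, one per line.
FIX_LIST = r"""
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
"""

# Meaning of the HijackThis section codes that appear in this list.
SECTIONS = {
    "F2": "ini-file setting mapped to the registry",
    "O2": "Browser Helper Object (BHO)",
    "O4": "autostart entry",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
INI = re.compile(r"^REG:(?P<file>[^:]+): (?P<setting>[^=]+)=(?P<value>.*)$")
BHO = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")


def parse_entry(line):
    """Split one HijackThis log line into fields; None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"), "raw": body}
    if code == "F2" and (ini := INI.match(body)):
        # UserInit is a comma-separated list of programs started at logon.
        programs = [p.strip() for p in ini.group("value").split(",") if p.strip()]
        entry.update(file=ini.group("file"), setting=ini.group("setting"),
                     programs=programs)
    elif code == "O2" and (bho := BHO.match(body)):
        entry.update(name=bho.group("name"), clsid=bho.group("clsid").upper(),
                     target=bho.group("target"))
    elif code == "O4" and (run := RUN.match(body)):
        entry.update(key=run.group("key"), name=run.group("name"),
                     command=run.group("command").strip('"'))
    return entry


def parse_fix_list(text):
    """Parse every entry line in a pasted fix list, skipping blank lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def review(entries):
    """Return (label, detail) pairs describing what each entry registers."""
    notes = []
    for e in entries:
        if e["code"] == "O2" and e.get("target") == "(no file)":
            # The BHO is still registered but its DLL is gone: a leftover key.
            notes.append(("orphaned-bho", e["clsid"]))
        elif e["code"] == "O2" and "target" in e:
            notes.append(("bho", e["target"]))
        elif e["code"] == "O4" and "command" in e:
            notes.append(("autostart", e["name"]))
        elif e["code"] == "F2" and "programs" in e:
            # Anything listed besides userinit.exe also runs at every logon.
            extra = [p for p in e["programs"]
                     if ntpath.basename(p).lower() != "userinit.exe"]
            label = "userinit-extra-programs" if extra else "userinit-only"
            notes.append((label, ", ".join(extra or e["programs"])))
    return notes


if __name__ == "__main__":
    for label, detail in review(parse_fix_list(FIX_LIST)):
        print(f"{label:24} {detail}")
```
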
28-01-2011, 13:49 | #10 |
Junior Member
Joined: Feb 2006
Posts: 28
|
Followed the instructions.
No problems for now. Thanks a lot for the help!
23-07-2012, 09:43 | #11 |
Senior Member
Joined: Jun 2007
Posts: 579
|
I'm reviving this post.
My father's PC has also been infected by this virus. I disabled Avira and ran a scan with ComboFix; here is the log! If there are other things I need to do, just tell me, and I'll do them tonight from my father's PC! Thanks a lot
23-07-2012, 21:48 | #12 | |
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
|
Quote:
__________________
Try again and you will be luckier.
|
|
23-07-2012, 22:28 | #13 |
Senior Member
Joined: Jun 2007
Posts: 579
|
OK, I'll attach them as soon as I finish.
In the meantime I had started following the procedure in your tutorial and ran ATF-Cleaner, Malwarebytes (whose log I can't find :/) and Emsisoft Anti-Malware, whose log I attach. Code:
23-07-2012, 22:31 | #14 |
Senior Member
Joined: Jun 2007
Posts: 579
|
OTL.txt
Code:
[2006/12/20 12.14.00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4) SRV - [2006/12/19 19.23.20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2012/04/22 13.51.38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012/02/29 15.52.46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 12.01.50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/02/03 15.26.50 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012/02/03 15.26.50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/02/03 15.26.49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/01/12 09.28.48 | 000,057,976 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE) DRV:64bit: - [2012/01/09 17.28.20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012/01/09 17.28.20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - 
[2012/01/09 17.28.20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012/01/09 17.28.18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2009/10/01 02.51.42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/09/21 08.07.26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009/08/20 07.02.06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2009/05/18 13.17.08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/09 01.14.20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr) DRV:64bit: - [2009/04/11 08.16.39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009/04/11 07.39.37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2009/03/13 10.55.38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009/03/06 19.10.10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\anodlwfx.sys -- (anodlwf) DRV:64bit: - [2009/02/27 08.20.52 | 000,743,552 | ---- | M] (eMPIA Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2009/02/27 08.20.46 | 000,663,040 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2008/12/18 11.14.18 | 000,076,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\eusk3usb-amd64.sys -- (eusk3usb) DRV:64bit: - [2008/10/21 12.59.54 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dr71WU.sys -- (RT73) DRV:64bit: - [2008/10/13 14.25.16 | 000,023,424 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AsusVRC64.sys -- (ASUSVRC64) DRV:64bit: - [2008/01/21 04.49.47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM) DRV:64bit: - [2008/01/21 04.46.57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2007/06/24 22.56.56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btcusb.sys -- (Btcsrusb) DRV:64bit: - [2007/06/24 22.56.42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV:64bit: - [2007/06/24 22.56.36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\blueletaudio.sys -- (BlueletAudio) DRV:64bit: - [2007/03/05 21.47.08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btnetdrv.sys -- (BT) DRV:64bit: - [2007/03/05 21.42.54 | 000,049,680 | ---- | M] (IVT Corporation.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV:64bit: - [2007/03/05 21.41.34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vbtenum.sys -- (BTHidEnum) DRV:64bit: - [2007/03/05 21.39.28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VcommMgr.sys -- (VcommMgr) DRV:64bit: - [2007/03/05 21.38.20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VComm.sys -- (VComm) DRV:64bit: - [2007/01/31 18.01.00 | 000,320,512 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364) DRV - [2012/04/30 18.45.28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc) DRV - [2011/05/19 14.10.34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2007/06/24 22.56.56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007/06/24 22.56.42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007/06/24 22.56.36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007/03/05 21.47.08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT) DRV - [2007/03/05 21.42.54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\BtHidMgr.sys -- (BTHidMgr) DRV - [2007/03/05 21.41.34 | 000,024,976 | ---- | M] (IVT Corporation.) 
[Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2007/03/05 21.39.28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2007/03/05 21.38.20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm) DRV - [1997/05/30 00.00.00 | 000,021,824 | ---- | M] (Micropi Elettronica - Italia) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\CPWNT.SYS -- (cpwnt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=84&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4DEA7E06-C11A-457C-81B1-D4F9610952FC} IE:64bit: - HKLM\..\SearchScopes\{4DEA7E06-C11A-457C-81B1-D4F9610952FC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it IE:64bit: - HKLM\..\SearchScopes\{536F10F2-25F0-4526-A1FD-C087730B8A02}: "URL" = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=84&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {4DEA7E06-C11A-457C-81B1-D4F9610952FC} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{4DEA7E06-C11A-457C-81B1-D4F9610952FC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it IE - 
HKLM\..\SearchScopes\{536F10F2-25F0-4526-A1FD-C087730B8A02}: "URL" = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Lanfranco\Desktop IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = 
http://search.babylon.com/?q={searchTerms}&affID=110819&tt=050412_30b&babsrc=SP_ss&mntrId=f2f84dfc000000000000001583311b14 IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{42C47554-4932-4386-B538-E9554AF3CC4C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADRA_it IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{4DEA7E06-C11A-457C-81B1-D4F9610952FC}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{536F10F2-25F0-4526-A1FD-C087730B8A02}: "URL" = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930 IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.7.0.20 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google 
Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\npPCShowPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (NDS) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lanfranco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (NDS) [2010/02/14 18.13.54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lanfranco\AppData\Roaming\mozilla\Extensions [2010/02/14 18.13.54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lanfranco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User 
Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Iminent (Enabled) = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\npIminent.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Lanfranco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: PCShow Player Plugin (Enabled) = C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll CHR - plugin: 
Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Ricerca Google = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Iminent = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\ CHR - Extension: Skype Click to Call = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\ CHR - Extension: Gmail = C:\Users\Lanfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/22 22.00.23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000..\Run: [Akamai NetSession Interface] C:\Users\Lanfranco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000..\Run: [PCShowServer] C:\Users\Lanfranco\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe (NDS Technologies) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives 
= 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8:64bit: - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8:64bit: - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Download with iphone-transfer-platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - 
C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Download with iphone-transfer-platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} 
- C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} http://192.168.1.130/DVROcxEx.cab (Controllo DVR remoto) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://demo.hrcctv.com:6803/WebClient.exe (WebClient Control) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37F72512-9BBB-4C53-8091-0708A104008E}: DhcpNameServer = 62.101.93.101 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67F61A35-7EA5-44E5-8A03-842BCF4D477C}: DhcpNameServer = 62.101.93.101 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/01/10 02.37.40 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-2134509721-2594330589-2438891299-1000\...com [@ = ComFile] -- Reg Error: Key error. 
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/23 23.17.21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lanfranco\Desktop\OTL.exe [2012/07/23 23.04.59 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\Avira [2012/07/23 22.59.35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/07/23 22.59.15 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Local\AskToolbar [2012/07/23 22.59.09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012/07/23 22.59.04 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Local\APN [2012/07/23 22.58.51 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/07/23 22.58.51 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/07/23 22.58.51 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/07/23 22.58.49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/07/23 22.58.49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/07/23 22.04.33 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\f-secure [2012/07/23 22.04.22 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2012/07/23 21.54.27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012/07/23 21.54.07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012/07/23 21.54.07 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\Documents\Anti-Malware [2012/07/23 21.44.38 | 139,009,208 | ---- | C] (Emsisoft GmbH ) -- C:\Users\Lanfranco\Desktop\EmsisoftAntiMalwareSetup.exe [2012/07/23 19.50.37 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI [2012/07/22 22.00.28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN 
[2012/07/22 21.44.06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/07/22 21.44.06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/07/22 21.44.06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/07/22 20.24.50 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Lanfranco\Desktop\ComboFix.exe [2012/07/22 20.14.28 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/22 20.14.17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/07/22 20.01.33 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software [2012/07/19 19.46.10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/07/19 19.46.07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/07/19 19.46.07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/07/19 08.50.57 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2012/07/18 11.11.10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012/07/18 11.10.29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/07/18 10.52.58 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\SpeedyPC Software [2012/07/18 10.52.58 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\DriverCure [2012/07/18 10.52.49 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012/07/17 17.34.52 | 000,200,976 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\SysWow64\drivers\tmcomm.sys [2012/07/11 14.14.08 | 000,016,948 | ---- | C] (Micropi Elettronica - Italia) -- C:\Windows\SysNative\cpwin32.dll [2012/07/11 14.10.51 | 000,021,824 | ---- | C] (Micropi Elettronica - Italia) -- C:\Windows\SysWow64\drivers\CPWNT.SYS [2012/07/11 14.10.51 | 000,016,948 | ---- | C] (Micropi Elettronica - Italia) -- C:\Windows\SysWow64\CPWIN32.DLL [2012/07/11 11.11.12 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\Desktop\Prog_lanf [2012/07/11 09.45.00 | 000,000,000 | ---D | C] -- C:\Dispense [2012/07/10 12.02.05 | 000,000,000 | ---D | C] -- C:\FastWeb [2012/07/10 10.45.32 | 000,000,000 | ---D | C] -- C:\Norme CEI orig [2012/07/06 12.24.32 | 000,356,352 | ---- | C] (TDP5) -- C:\Windows\SysWow64\th264codec.dll [2012/07/06 12.24.32 | 000,282,624 | ---- | C] (tvt) -- C:\Windows\SysWow64\tvtxtdec.dll [2012/07/06 12.24.32 | 000,239,888 | ---- | C] (Microcrap Corporation) -- C:\Windows\SysWow64\mpg4ds32.ax [2012/07/06 12.24.32 | 000,090,112 | ---- | C] (tvt) -- C:\Windows\SysWow64\tvtacodec.dll [2012/07/06 12.24.32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter [2012/07/06 12.24.31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ControlCenter [2012/07/06 09.10.14 | 000,000,000 | ---D | C] -- C:\Users\Lanfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced LAN Scanner [2012/07/06 09.10.14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced LAN Scanner [2012/07/06 09.10.14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced LAN Scanner [2012/07/01 18.27.18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webclient [2012/07/01 18.06.08 | 000,000,000 | ---D | C] -- C:\DVR TVCC [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/23 23.17.50 | 000,596,480 | ---- | M] (OldTimer Tools) -- 
C:\Users\Lanfranco\Desktop\OTL.exe [2012/07/23 23.14.00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/23 23.00.02 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/23 22.59.35 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/07/23 22.58.05 | 087,765,048 | ---- | M] () -- C:\Users\Lanfranco\Desktop\avira_free_antivirus_it.exe [2012/07/23 21.54.27 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/07/23 21.53.57 | 139,009,208 | ---- | M] (Emsisoft GmbH ) -- C:\Users\Lanfranco\Desktop\EmsisoftAntiMalwareSetup.exe [2012/07/23 21.39.25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/23 21.39.25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/23 21.39.24 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/23 21.39.19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/23 19.59.58 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/23 19.49.00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2012/07/22 22.00.23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/07/22 20.13.44 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Lanfranco\Desktop\ComboFix.exe [2012/07/20 07.51.17 | 000,001,736 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012/07/19 19.46.11 | 000,001,099 | ---- | M] () -- C:\Users\Lanfranco\Desktop\Spybot - Search & Destroy.lnk [2012/07/18 10.40.57 | 000,487,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/17 19.19.36 | 000,000,732 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\d3d9caps64.dat [2012/07/17 17.44.18 | 000,253,280 | ---- 
| M] () -- C:\Users\Lanfranco\AppData\Local\census.cache [2012/07/17 17.44.04 | 000,212,204 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\ars.cache [2012/07/17 17.33.28 | 000,000,036 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\housecall.guid.cache [2012/07/11 13.34.52 | 000,072,704 | ---- | M] () -- C:\Users\Lanfranco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/10 10.56.18 | 000,796,602 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012/07/10 10.56.18 | 000,711,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/10 10.56.18 | 000,177,552 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012/07/10 10.56.18 | 000,150,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/10 10.56.17 | 001,834,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/06 12.24.35 | 000,000,689 | ---- | M] () -- C:\Users\Public\Desktop\CMS.lnk [2012/07/03 13.46.44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/23 22.59.35 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/07/23 22.53.29 | 087,765,048 | ---- | C] () -- C:\Users\Lanfranco\Desktop\avira_free_antivirus_it.exe [2012/07/23 21.54.27 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/07/22 21.44.06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/07/22 21.44.06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/07/22 21.44.06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/07/22 21.44.06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/07/22 21.44.06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/07/20 07.49.57 | 000,001,736 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012/07/19 19.46.11 | 
000,001,099 | ---- | C] () -- C:\Users\Lanfranco\Desktop\Spybot - Search & Destroy.lnk [2012/07/17 19.19.36 | 000,000,732 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\d3d9caps64.dat [2012/07/17 17.44.18 | 000,253,280 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\census.cache [2012/07/17 17.44.04 | 000,212,204 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\ars.cache [2012/07/17 17.33.28 | 000,000,036 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\housecall.guid.cache [2012/07/06 12.24.32 | 000,003,001 | ---- | C] () -- C:\Windows\SysWow64\th264codec.inf [2012/07/06 12.24.32 | 000,002,740 | ---- | C] () -- C:\Windows\SysWow64\xvid.inf [2012/07/06 12.24.32 | 000,002,693 | ---- | C] () -- C:\Windows\SysWow64\mpg4vki.inf [2012/07/06 12.24.32 | 000,002,635 | ---- | C] () -- C:\Windows\SysWow64\tvtacodec.inf [2012/07/06 12.24.32 | 000,002,442 | ---- | C] () -- C:\Windows\SysWow64\tvtxt.inf [2012/07/06 12.24.31 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\amd422codec.dll [2012/07/06 12.24.31 | 000,000,689 | ---- | C] () -- C:\Users\Public\Desktop\CMS.lnk [2012/01/15 19.23.56 | 000,002,048 | -HS- | C] () -- C:\Users\Lanfranco\AppData\Local\{f317ba24-2b9b-bfdd-2e40-b3c57242fcd6}\@ [2011/12/04 20.17.43 | 000,003,072 | ---- | C] () -- C:\Users\Lanfranco\AppData\Roaming\CatSpy.db [2011/05/09 19.57.37 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL [2011/05/09 19.57.36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\Unrar.dll [2011/04/26 17.58.49 | 000,000,680 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\d3d9caps.dat [2010/01/24 15.28.22 | 000,000,253 | ---- | C] () -- C:\Users\Lanfranco\AppData\Roaming\ANICONFIG_{788B98D4-554E-40A0-8630-E6479E4F64B1}.ini [2009/07/30 06.59.55 | 000,373,136 | ---- | C] () -- C:\Users\Lanfranco\definitivi cecere.bak [2009/04/26 19.45.33 | 000,026,311 | ---- | C] () -- C:\Users\Lanfranco\AppData\Roaming\UserTile.png [2009/03/15 18.55.45 | 000,000,000 | ---- | C] () -- 
C:\Users\Lanfranco\AppData\Roaming\wklnhst.dat [2008/12/27 17.11.45 | 000,072,704 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/12/24 17.06.32 | 000,000,097 | ---- | C] () -- C:\Users\Lanfranco\AppData\Local\fusioncache.dat ========== LOP Check ========== [2011/12/24 21.08.06 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Any Video Converter [2008/12/20 20.25.46 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Autodesk [2010/06/02 15.08.20 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\avidemux [2012/07/18 10.52.58 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\DriverCure [2012/04/25 19.06.28 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Epson [2012/07/23 22.04.33 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\f-secure [2011/12/24 21.51.54 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\FTWeak [2011/12/24 20.35.17 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\GlarySoft [2012/04/07 19.51.39 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Iminent [2011/06/24 22.24.49 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\ImTOO [2010/06/02 15.25.24 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\MotionDSP [2010/01/06 21.09.34 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Nokia [2010/01/06 21.09.06 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Nokia Ovi Suite [2009/11/08 18.24.38 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Nseries [2010/05/04 20.54.37 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\PC Suite [2011/11/01 20.10.04 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\pdfforge [2012/03/08 19.01.33 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\ProgettoGWDXF [2012/07/18 10.52.58 | 000,000,000 | ---D | M] -- 
C:\Users\Lanfranco\AppData\Roaming\SpeedyPC Software [2009/03/15 18.55.47 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Template [2010/02/14 18.13.54 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\TomTom [2011/11/19 21.04.13 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Uniblue [2010/09/14 19.25.26 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\VSRevoGroup [2008/12/27 22.43.55 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\WinBatch [2010/10/03 13.47.31 | 000,000,000 | ---D | M] -- C:\Users\Lanfranco\AppData\Roaming\Winsome Technologies [2012/07/23 19.49.00 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job [2012/04/10 19.04.23 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2012/07/23 21.38.04 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/05/20 17.28.12 | 000,000,000 | ---D | M](C:\??) -- C:\ྱ嬷 [2012/05/20 17.28.12 | 000,000,000 | ---D | C](C:\??) -- C:\ྱ嬷 ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:890CC2F3 @Alternate Data Stream - 1360 bytes -> C:\Users\Lanfranco\AppData\Roaming\CatSpy.db:mystream < End of report >
Code:
OTL Extras logfile created on: 23/07/2012 23.18.14 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Lanfranco\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 50,92% Memory free 11,92 Gb Paging File | 9,42 Gb Available in Paging File | 79,05% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,84 Gb Total Space | 87,28 Gb Free Space | 30,75% Space Free | Partition Type: NTFS Drive D: | 14,25 Gb Total Space | 1,97 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Drive F: | 111,79 Gb Total Space | 69,77 Gb Free Space | 62,42% Space Free | Partition Type: NTFS Computer Name: PC-LANFRANCO | User Name: Lanfranco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2134509721-2594330589-2438891299-1000\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .cmd [@ = cmdfile] -- Reg Error: Key error. File not found .com [@ = ComFile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. File not found .pif [@ = piffile] -- Reg Error: Key error. File not found .vbs [@ = VBSFile] -- Reg Error: Key error. File not found .wsf [@ = WSFFile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 67 3D C5 9F 8E 60 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita 
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON PX810FW Series" = EPSON PX810FW Series Printer Uninstall "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "HP Photosmart Essential" = HP Photosmart Essential 3.0 "Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 
< End of report > |
24-07-2012, 15:30 | #15 |
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
|
Attach the logs in .txt format on one of the servers listed here http://www.hwupgrade.it/forum/showthread.php?t=1751598
__________________
Try again and you will be luckier.
|
24-07-2012, 15:45 | #16 |
Senior Member
Joined: Jun 2007
Posts: 579
|
|
24-07-2012, 16:42 | #17 | |
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
|
Quote:
If the answer is yes, download SystemLook to the Desktop http://jpshortstuff.247fixes.com/SystemLook_x64.exe
Double-click it to launch it; in the main window, copy and paste:
:filefind services.exe
Click LOOK and attach the log.
__________________
Try again and you will be luckier.
Last edited by Chill-Out : 24-07-2012 at 16:46. |
|
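Added example, not part of the original thread: a PowerShell check with the same purpose as the file search requested in post #17. It assumes 64-bit PowerShell 4 or later (for Get-FileHash) run from an elevated prompt; the "expected location" patterns are this example's assumption, not something stated in the thread.

```powershell
# Added example (not from the thread): list every services.exe on the system
# drive with the attributes needed to compare the copies against each other.
$root   = "$env:SystemDrive\"
$winDir = $env:windir

# Locations where a copy is normally present (assumption of this example):
# the live binary in System32 and component-store copies under WinSxS.
$expected = @(
    ('^' + [regex]::Escape("$winDir\System32\services.exe") + '$'),
    ('^' + [regex]::Escape("$winDir\winsxs\") + '.+\\services\.exe$')
)

Get-ChildItem -Path $root -Filter 'services.exe' -Recurse -File -Force `
              -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path  = $_.FullName
        $known = $false
        foreach ($pattern in $expected) {
            # -match is case-insensitive, which suits Windows paths
            if ($path -match $pattern) { $known = $true }
        }
        # Hashing can fail on locked or unreadable files; leave the field empty then
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 `
                             -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ExpectedLocation = $known
            Path             = $path
            SizeBytes        = $_.Length
            Created          = $_.CreationTime
            Modified         = $_.LastWriteTime
            Company          = $_.VersionInfo.CompanyName
            FileVersion      = $_.VersionInfo.FileVersion
            SHA256           = $hash.Hash
        }
    } |
    Sort-Object ExpectedLocation, Path |
    Format-List
```

Entries with ExpectedLocation set to False sort first; those, and a System32 copy whose hash differs from the WinSxS copy of the same file version, are the ones to review.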
24-07-2012, 16:44 | #18 |
Senior Member
Joined: Jun 2007
Posts: 579
|
no, I reinstalled it and it no longer detects it
|
All times are GMT +1.